diff options
| author | Louise Crow <louise.crow@gmail.com> | 2013-01-16 13:56:25 +0000 |
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2013-01-16 13:56:25 +0000 |
| commit | cc91fa28cd0e64576a5f2d8e5c2cb3629636ee74 (patch) | |
| tree | cbb1aef74227804182b5e1ac003beddb26a158d4 /app/helpers/application_helper.rb | |
| parent | 5de48637d9efa6236d2f8478126d67fefe416096 (diff) | |
| parent | a67666e34c280d2b9eb613f57d96ba4ee5fcd749 (diff) | |
Merge remote-tracking branch 'openaustralia_github/rails_xss' into develop
Diffstat (limited to 'app/helpers/application_helper.rb')
| -rw-r--r-- | app/helpers/application_helper.rb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 6411cf27e..b9ba712a4 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -35,15 +35,15 @@ module ApplicationHelper end end - error_messages = [] + error_messages = "".html_safe for object in objects object.errors.each do |attr, message| - error_messages << content_tag(:li, message) + error_messages << content_tag(:li, h(message)) end end content_tag(:div, - content_tag(:ul, error_messages.join), + content_tag(:ul, error_messages), html ) else |