Merge branch 'rails_xss' into rails-3-spike

Conflicts: Gemfile Gemfile.lock app/views/request/_hidden_correspondence.rhtml app/views/request/hidden.rhtml app/views/request/new_please_describe.rhtml app/views/user/show.rhtml lib/i18n_fixes.rb
author: Matthew Landauer <matthew@openaustralia.org> 2013-01-04 09:45:52 +1100
committer: Matthew Landauer <matthew@openaustralia.org> 2013-01-04 09:47:06 +1100
commit: 44947335b285673591ef44c9c66efa584298e6ee (patch)
tree: d2d37100701f0d4af3c72cd11c11fd9de2587ac7 /lib
parent: 463b003eb11071e52ad07c3808ac6924d0301dc0 (diff)
parent: 1d71ab6d1aa7e5de00753f7b97a8158ee2bc3333 (diff)
2 files changed, 2 insertions, 3 deletions
diff --git a/lib/make_html_4_compliant.rb b/lib/make_html_4_compliant.rb
index 214eb9f1f..8926d5873 100644
--- a/lib/make_html_4_compliant.rb
+++ b/lib/make_html_4_compliant.rb
@@ -3,7 +3,6 @@
 
 ActionView::Helpers::TagHelper.module_eval do
   def tag(name, options = nil, open = false, escape = true)
-    "<#{name}#{tag_options(options, escape) if options}" + (open ? ">" : ">")
+    "<#{name}#{tag_options(options, escape) if options}#{open ? ">" : ">"}".html_safe
   end
 end
-
diff --git a/lib/use_spans_for_errors.rb b/lib/use_spans_for_errors.rb
index cda05c588..135453f78 100644
--- a/lib/use_spans_for_errors.rb
+++ b/lib/use_spans_for_errors.rb
@@ -8,5 +8,5 @@
 #
 # See http://dev.rubyonrails.org/ticket/2210
 
-ActionView::Base.field_error_proc = Proc.new{ |html_tag, instance|  %(<span class="fieldWithErrors">#{html_tag}</span>)}
+ActionView::Base.field_error_proc = Proc.new{ |html_tag, instance|  %(<span class="fieldWithErrors">#{html_tag}</span>).html_safe}
author	Matthew Landauer <matthew@openaustralia.org>	2013-01-04 09:45:52 +1100
committer	Matthew Landauer <matthew@openaustralia.org>	2013-01-04 09:47:06 +1100
commit	44947335b285673591ef44c9c66efa584298e6ee (patch)
tree	d2d37100701f0d4af3c72cd11c11fd9de2587ac7 /lib
parent	463b003eb11071e52ad07c3808ac6924d0301dc0 (diff)
parent	1d71ab6d1aa7e5de00753f7b97a8158ee2bc3333 (diff)