From 1d71ab6d1aa7e5de00753f7b97a8158ee2bc3333 Mon Sep 17 00:00:00 2001
From: Matthew Landauer <matthew@openaustralia.org>
Date: Thu, 3 Jan 2013 13:54:08 +1100
Subject: html content of messages and comments are html safe

---
 app/models/comment.rb          | 2 +-
 app/models/incoming_message.rb | 2 +-
 app/models/outgoing_message.rb | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'app/models')

diff --git a/app/models/comment.rb b/app/models/comment.rb
index 5507910e2..bcd1efca8 100644
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -68,7 +68,7 @@ class Comment < ActiveRecord::Base
         text = CGI.escapeHTML(text)
         text = MySociety::Format.make_clickable(text, :contract => 1)
         text = text.gsub(/\n/, '<br>')
-        return text
+        return text.html_safe
     end
 
     # When posting a new comment, use this to check user hasn't double submitted.
diff --git a/app/models/incoming_message.rb b/app/models/incoming_message.rb
index 123319125..98124b28e 100644
--- a/app/models/incoming_message.rb
+++ b/app/models/incoming_message.rb
@@ -851,7 +851,7 @@ class IncomingMessage < ActiveRecord::Base
 
         text = text.gsub(/\n/, '<br>')
         text = text.gsub(/(?:<br>\s*){2,}/, '<br><br>') # remove excess linebreaks that unnecessarily space it out
-        return text
+        return text.html_safe
     end
 
 
diff --git a/app/models/outgoing_message.rb b/app/models/outgoing_message.rb
index 2e98e1021..441813e5f 100644
--- a/app/models/outgoing_message.rb
+++ b/app/models/outgoing_message.rb
@@ -252,7 +252,7 @@ class OutgoingMessage < ActiveRecord::Base
         text = MySociety::Format.make_clickable(text, :contract => 1)
         text.gsub!(/\[(email address|mobile number)\]/, '[<a href="/help/officers#mobiles">\1</a>]')
         text = text.gsub(/\n/, '<br>')
-        return text
+        return text.html_safe
     end
 
     def fully_destroy
-- 
cgit v1.2.3