From 1d71ab6d1aa7e5de00753f7b97a8158ee2bc3333 Mon Sep 17 00:00:00 2001
From: Matthew Landauer
Date: Thu, 3 Jan 2013 13:54:08 +1100
Subject: html content of messages and comments are html safe
---
 app/models/comment.rb | 2 +-
 app/models/incoming_message.rb | 2 +-
 app/models/outgoing_message.rb | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
(limited to 'app/models')
diff --git a/app/models/comment.rb b/app/models/comment.rb
index 5507910e2..bcd1efca8 100644
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -68,7 +68,7 @@ class Comment < ActiveRecord::Base
 text = CGI.escapeHTML(text)
 text = MySociety::Format.make_clickable(text, :contract => 1)
 text = text.gsub(/\n/, '
')
- return text
+ return text.html_safe
 end
 # When posting a new comment, use this to check user hasn't double submitted.
diff --git a/app/models/incoming_message.rb b/app/models/incoming_message.rb
index 123319125..98124b28e 100644
--- a/app/models/incoming_message.rb
+++ b/app/models/incoming_message.rb
@@ -851,7 +851,7 @@ class IncomingMessage < ActiveRecord::Base
 text = text.gsub(/\n/, '
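Review bot: In the comment.rb hunk, `return text.html_safe` is only correct if nothing after `CGI.escapeHTML(text)` reintroduces user-controlled markup, because Rails will no longer escape this string when a view renders it. The one step that builds new markup from the text is `MySociety::Format.make_clickable`, whose implementation is not visible here, so its handling of quotes and angle brackets inside detected URLs should be confirmed and pinned with a model spec that asserts a body containing tags comes back escaped. I would also record the invariant at the return, for example `# html_safe: text was CGI.escapeHTML'd above; only markup generated here is added afterwards`. The method begins above the hunk, so earlier branches could not be checked.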
')
 text = text.gsub(/(?:
\s*){2,}/, '

') # remove excess linebreaks that unnecessarily space it out
- return text
+ return text.html_safe
 end
diff --git a/app/models/outgoing_message.rb b/app/models/outgoing_message.rb
index 2e98e1021..441813e5f 100644
--- a/app/models/outgoing_message.rb
+++ b/app/models/outgoing_message.rb
@@ -252,7 +252,7 @@ class OutgoingMessage < ActiveRecord::Base
 text = MySociety::Format.make_clickable(text, :contract => 1)
 text.gsub!(/\[(email address|mobile number)\]/, '[\1]')
 text = text.gsub(/\n/, '
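Review bot: No escaping step is visible before `return text.html_safe` in the incoming_message.rb hunk; the context shows only the two line-break `gsub` calls, and this model presumably holds message bodies received from outside the application. The method starts above the hunk, so the escape may well happen earlier, but every path that reaches this return needs to have passed through `CGI.escapeHTML` or an equivalent, otherwise the view will render the raw body as markup. Please confirm that, and state it next to the return with a comment such as `# html_safe: every branch above escapes the body before markup is added`, backed by a spec using a body that contains tags. The outgoing_message.rb hunk has the same shape: `make_clickable` and the bracket `gsub!` are visible, the escape is not.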
')
- return text
+ return text.html_safe
 end
 def fully_destroy
--
cgit v1.2.3