search

pauladaniel / calendardateselect

Automatically exported from code.google.com/p/calendardateselect
Other
0 stars 0 forks source link

The return from the helper is not marked as html_safe #189

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
With rails 2.3.5 and the rails_xss plugin to enable html stripping by default 
the return from the calendar_date_select helper has not been marked with the 
html_safe! string method call before returning and therefore gets its html 
code escaped.

Adding this in will help bring the code upto rails 3 standard as this will be 
the default when released.

Original issue reported on code.google.com by ebot...@gmail.com on 20 Dec 2009 at 5:50

GoogleCodeExporter commented 8 years ago 
Thanks for the warning and pointer in the right direction. I got it to work 
with edge 
rails by:

changing line 210  in 
vendor/plugins/calendar_date_select/lib/calendar_date_select/form_helpers to:

return out.html_safe!

and changing lines 26-27 in 
vendor/plugins/calendar_date_select/lib/calendar_date_select/includes_helper to:

    (javascript_include_tag(*calendar_date_select_javascripts(:locale => 
options[:locale])) + "\n" +
    stylesheet_link_tag(*calendar_date_select_stylesheets(:style => options[:style])) 
+ "\n").html_safe!

Original comment by ian.o.mi...@gmail.com on 17 Jan 2010 at 10:57