
form_helper.label throws tainted #1

eliasbaixas opened this Issue Mar 2, 2011 · 2 comments



Hello! First of all, thanks for writing this plugin :)

I just have one problem: when I do a <% form_for @object do |f| %> and then an <%= f.label :some_method %>, it throws an exception, even though from what I can see the string should not be tainted; after all, it's just a label, and nothing should come out of the database. Is this normal? How should I fix it?

Thanks!



OK, I just saw that everything that comes from I18n.t comes tainted. I'll just monkey-patch i18n.t to untaint strings.

Thanks!

abedra commented Mar 6, 2011

Also consider using rails-xss from now on. This was a workaround to a lack of proper support in Rails 2.x. rails-xss is a backport of the Rails 3 support and is a more natural approach.
