form_helper.label throws tainted #1

Open
eliasbaixas opened this Issue · 2 comments

2 participants

@eliasbaixas

Hello! First of all, thanks for writing this plugin :)

I just have one problem: when I do a <% form_for @object do |f| %> and then an <%= f.label :some_method %>, it throws an exception, even though from what I can see the string should not be tainted; after all, it's just a label, and nothing should come out of the database. Is this normal? How should I fix it?

Thanks!

Elias

@eliasbaixas

Ok, I just saw that everything that comes from I18n.t comes tainted. I'll just monkey-patch I18n.t to untaint strings.

Thanks!

@abedra
Owner

Also consider using rails-xss from now on. This was a workaround to a lack of proper support in Rails 2.x. rails-xss is a backport of the Rails 3 support and is a more natural approach.
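An added example, not code from this plugin or from rails-xss: a simplified model of the escape-by-default approach recommended above, in which label text from a translation lookup is escaped on output instead of raising, next to what happens when every looked-up string is marked safe wholesale. `SafeHtml`, `h`, `translate`, `label_tag` and the catalog are hypothetical names constructed for the illustration.

```ruby
require 'erb'

# Marker subclass: a string counts as trusted markup only when code wrapped it.
class SafeHtml < String; end

# Escape on output unless the value was explicitly marked safe.
def h(value)
  return value if value.is_a?(SafeHtml)
  SafeHtml.new(ERB::Util.html_escape(value.to_s))
end

# Constructed stand-in for an I18n lookup with interpolation (hypothetical catalog).
CATALOG = { 'user.name' => 'Name for %{account}' }.freeze

def translate(key, vars = {})
  format(CATALOG.fetch(key), vars) # plain String, so not trusted
end

# Hypothetical label helper: the tag itself is trusted, its text goes through h().
def label_tag(field, text)
  SafeHtml.new(%(<label for="#{h(field)}">#{h(text)}</label>))
end

# Constructed input: an interpolated value containing markup.
text = translate('user.name', account: '<b>acme</b>')

escaped = label_tag('user_name', text)               # default path: text escaped
blanket = label_tag('user_name', SafeHtml.new(text)) # everything marked safe

puts escaped
puts blanket
```

The first call renders the interpolated value as inert text; the second passes its markup through unchanged, which is why marking lookups safe is best limited to strings whose interpolated values were escaped first.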
