Pagination links should be marked as HTML safe #19

greenlynx opened this Issue Dec 1, 2009 · 7 comments


None yet
5 participants

Using Rails 2.3.5 and the rails_xss plugin, the pagination links are not marked as HTML safe, so are escaped and do not display correctly. It seems like they should be marked using html_safe! by default if it is available?


mislav commented Dec 1, 2009

I've tried to fix this, but will_paginate gem gets loaded before the rails_xss plugin — therefore I can't mark output as html_safe because I can't know if the application is using xss protection at all.

You can drop this in your app as a solution:

WillPaginate::ViewHelpers.module_eval do
  safe_helper :will_paginate, :paginated_section, :page_entries_info

mislav commented Feb 5, 2010

will_paginate 2.3.12 and 3.0.pre should now be html safe. however, the problem described in my last comment still persists. closing

ghazel commented Mar 1, 2010

I just added that block to config/initializers/will_paginate.rb and it worked great.


Flink commented May 26, 2010

With rails 2.3.8, it doesn't work. The div class="pagination" is safe_html but everything inside (spans, links, etc) is escaped... :(


Flink commented May 26, 2010

Just made a pull request about this issue :)

eagleas commented May 26, 2010

Flink's patch is work fine (rails 2.3.8)


mislav commented May 26, 2010

Thanks. Released 2.3.13

This issue was closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment