Mark some strings that shouldn't be escaped as raw

app/helpers/application_helper.rb

@@ -37,7 +37,7 @@ def javascript_strings
     js << javascript_strings_for_key("javascripts")
     js << "</script>\n"
 
-    return js
+    return raw(js)
   end
 
   def style_rules

app/helpers/geocoder_helper.rb

@@ -3,9 +3,9 @@ def result_to_html(result)
     html_options = {}
     #html_options[:title] = strip_tags(result[:description]) if result[:description]
     if result[:min_lon] and result[:min_lat] and result[:max_lon] and result[:max_lat]
-      html_options[:href] = "?minlon=#{result[:min_lon]}&minlat=#{result[:min_lat]}&maxlon=#{result[:max_lon]}&maxlat=#{result[:max_lat]}"
+      html_options[:href] = raw("?minlon=#{result[:min_lon]}&minlat=#{result[:min_lat]}&maxlon=#{result[:max_lon]}&maxlat=#{result[:max_lat]}")
     else
-      html_options[:href] = "?mlat=#{result[:lat]}&mlon=#{result[:lon]}&zoom=#{result[:zoom]}"
+      html_options[:href] = raw("?mlat=#{result[:lat]}&mlon=#{result[:lon]}&zoom=#{result[:zoom]}")
     end
 
     html = ""
@@ -19,6 +19,7 @@ def result_to_html(result)
     end
 
     html << result[:suffix] if result[:suffix]
-    return html
+
+    return raw(html)
   end
 end

app/views/changeset/list.html.erb

@@ -1,5 +1,5 @@
 <h1><%= @heading %></h1>
-<p><%= @description %></p>
+<p><%= raw(@description) %></p>
 
 <%= render :partial => 'changeset_paging_nav' %>
 

app/views/diary_entry/_diary_comment.html.erb

@@ -1,5 +1,5 @@
 <%= user_thumbnail diary_comment.user %>
-<h4 id="comment<%= diary_comment.id %>"><%= t('diary_entry.diary_comment.comment_from', :link_user => (link_to h(diary_comment.user.display_name), :controller => 'user', :action => 'view', :display_name => diary_comment.user.display_name), :comment_created_at => l(diary_comment.created_at, :format => :friendly)) %></h4>
+<h4 id="comment<%= diary_comment.id %>"><%= raw(t('diary_entry.diary_comment.comment_from', :link_user => (link_to h(diary_comment.user.display_name), :controller => 'user', :action => 'view', :display_name => diary_comment.user.display_name), :comment_created_at => l(diary_comment.created_at, :format => :friendly))) %></h4>
 <%= htmlize(diary_comment.body) %>
 <% if_administrator(:span) do %> 
   <%= link_to t('diary_entry.diary_comment.hide_link'), {:action => 'hidecomment', :display_name => diary_comment.diary_entry.user.display_name, :id => diary_comment.diary_entry.id, :comment => diary_comment.id}, {:confirm => t('diary_entry.diary_comment.confirm')} %>

app/views/diary_entry/_diary_entry.html.erb

@@ -1,15 +1,15 @@
 <b><%= link_to h(diary_entry.title), :action => 'view', :display_name => diary_entry.user.display_name, :id => diary_entry.id %></b><br />
 
 <div xml:lang="<%= diary_entry.language_code %>" lang="<%= diary_entry.language_code %>">
-  <%= htmlize(diary_entry.body) %>
+  <%= raw(htmlize(diary_entry.body)) %>
 </div>
 
 <% if diary_entry.latitude and diary_entry.longitude %>
   <%= render :partial => "location", :object => diary_entry %>
   <br />
 <% end %>
 
-<%= t 'diary_entry.diary_entry.posted_by', :link_user => (link_to h(diary_entry.user.display_name), :controller => 'user', :action => 'view', :display_name => diary_entry.user.display_name), :created => l(diary_entry.created_at, :format => :friendly), :language_link => (link_to h(diary_entry.language.name), :controller => 'diary_entry', :action => 'list', :language => diary_entry.language_code)  %> 
+<%= raw(t 'diary_entry.diary_entry.posted_by', :link_user => (link_to h(diary_entry.user.display_name), :controller => 'user', :action => 'view', :display_name => diary_entry.user.display_name), :created => l(diary_entry.created_at, :format => :friendly), :language_link => (link_to h(diary_entry.language.name), :controller => 'diary_entry', :action => 'list', :language => diary_entry.language_code)) %> 
 
 <% if params[:action] == 'list' %>
   <br />

app/views/geocoder/_description.html.erb

@@ -1,8 +1,8 @@
 <% @sources.each do |source| %>
   <% if source[:types] %>
-    <p class="search_results_heading"><%= t("geocoder.description.title.#{source[:name]}", :types => t("geocoder.description.types.#{source[:types]}")) %></p>
+    <p class="search_results_heading"><%= raw(t("geocoder.description.title.#{source[:name]}", :types => t("geocoder.description.types.#{source[:types]}"))) %></p>
   <% else %>
-    <p class="search_results_heading"><%= t("geocoder.description.title.#{source[:name]}") %></p>
+    <p class="search_results_heading"><%= raw(t("geocoder.description.title.#{source[:name]}")) %></p>
   <% end %>
   <div class='search_results_entry' id='<%= "description_#{source[:name]}_#{source[:types]}" %>'>
     <%= image_tag "searching.gif", :class => "search_searching" %>

app/views/geocoder/_search.html.erb

@@ -1,5 +1,5 @@
 <% @sources.each do |source| %>
-  <p class="search_results_heading"><%= t "geocoder.search.title.#{source}" %></p>
+  <p class="search_results_heading"><%= raw(t "geocoder.search.title.#{source}") %></p>
   <div class='search_results_entry' id='<%= "search_#{source}" %>'>
     <%= image_tag "searching.gif", :class => "search_searching" %>
   </div>

app/views/layouts/_flash.html.erb

@@ -1,11 +1,11 @@
 <% if flash[:error] %>
-  <div id="error"><%= flash[:error] %></div>
+  <div id="error"><%= raw flash[:error] %></div>
 <% end %>
 
 <% if flash[:warning] %>
-  <div id="warning"><%= flash[:warning] %></div>
+  <div id="warning"><%= raw flash[:warning] %></div>
 <% end %>
 
 <% if flash[:notice] %>
-  <div id="notice"><%= flash[:notice] %></div>
+  <div id="notice"><%= raw flash[:notice] %></div>
 <% end %>

app/views/layouts/site.html.erb

@@ -14,7 +14,7 @@
 
     <span id="greeting">
       <% if @user and @user.id %>
-        <span id="full-greeting"><%= t 'layouts.welcome_user', :user_link => (link_to h(@user.display_name), {:controller => 'user', :action => 'view', :display_name => @user.display_name}, :title => t('layouts.welcome_user_link_tooltip')) %></span> 
+        <span id="full-greeting"><%= raw(t 'layouts.welcome_user', :user_link => (link_to h(@user.display_name), {:controller => 'user', :action => 'view', :display_name => @user.display_name}, :title => t('layouts.welcome_user_link_tooltip'))) %></span> 
         <span id="small-greeting"><%= link_to t('layouts.welcome_user_link_tooltip'), {:controller => 'user', :action => 'view', :display_name => @user.display_name} %></span> | 
         <%= yield :greeting %>
         <%= render :partial => "layouts/inbox" %> |
@@ -83,11 +83,11 @@
           <%= t 'layouts.intro_2' %>
         </p>
         <p>
-        <%= t 'layouts.intro_3', 
-              :ucl => link_to(t('layouts.intro_3_ucl'), "http://www.vr.ucl.ac.uk"),
-              :ic => link_to(t('layouts.intro_3_ic'), "http://www.imperial.ac.uk/"),
-              :bytemark => link_to(t('layouts.intro_3_bytemark'), "http://www.bytemark.co.uk"),
-              :partners => link_to(t('layouts.intro_3_partners'), t('layouts.intro_3_partners_url')) %>
+        <%= raw(t 'layouts.intro_3', 
+                  :ucl => link_to(t('layouts.intro_3_ucl'), "http://www.vr.ucl.ac.uk"),
+                  :ic => link_to(t('layouts.intro_3_ic'), "http://www.imperial.ac.uk/"),
+                  :bytemark => link_to(t('layouts.intro_3_bytemark'), "http://www.bytemark.co.uk"),
+                  :partners => link_to(t('layouts.intro_3_partners'), t('layouts.intro_3_partners_url'))) %>
         </p>
       </div>
       <% end %>

app/views/message/inbox.html.erb

@@ -17,5 +17,5 @@
     </table>
   </div>
 <% else %>
-  <div id="messages"><%= t'message.inbox.no_messages_yet', :people_mapping_nearby_link => link_to(t('message.inbox.people_mapping_nearby'), :controller => 'user', :action => 'view', :display_name => @user.display_name) %></div>
+  <div id="messages"><%= raw(t'message.inbox.no_messages_yet', :people_mapping_nearby_link => link_to(t('message.inbox.people_mapping_nearby'), :controller => 'user', :action => 'view', :display_name => @user.display_name)) %></div>
 <% end %>

app/views/message/new.html.erb

@@ -1,4 +1,4 @@
-<h2><%= t'message.new.send_message_to', :name => link_to(h(@to_user.display_name), {:controller => 'user', :action => 'view', :display_name => @to_user.display_name}) %></h2>
+<h2><%= raw(t'message.new.send_message_to', :name => link_to(h(@to_user.display_name), {:controller => 'user', :action => 'view', :display_name => @to_user.display_name})) %></h2>
 
 <%= error_messages_for 'message' %>
 

app/views/message/outbox.html.erb

@@ -1,4 +1,4 @@
-<h2><%= t'message.outbox.my_inbox', :inbox_link => link_to(t('message.outbox.inbox'), url_for(:controller => "user", :action => "inbox", :id => @user.display_name)) %>/<%= t'message.outbox.outbox' %></h2>
+<h2><%= raw(t'message.outbox.my_inbox', :inbox_link => link_to(t('message.outbox.inbox'), url_for(:controller => "user", :action => "inbox", :id => @user.display_name))) %>/<%= t'message.outbox.outbox' %></h2>
 
 <p><%= t'message.outbox.you_have_sent_messages', :count => @user.sent_messages.size %>
 
@@ -15,5 +15,5 @@
     </table>
   </div>
 <% else %>
-  <div id="messages"><%= t'message.outbox.no_sent_messages', :people_mapping_nearby_link => link_to(t('message.outbox.people_mapping_nearby'), :controller => 'user', :action => 'view', :display_name => @user.display_name) %></div>
+  <div id="messages"><%= raw(t'message.outbox.no_sent_messages', :people_mapping_nearby_link => link_to(t('message.outbox.people_mapping_nearby'), :controller => 'user', :action => 'view', :display_name => @user.display_name)) %></div>
 <% end %>

app/views/notifier/signup_confirm.text.html.erb

@@ -5,16 +5,17 @@
 
 <p><%= t'notifier.signup_confirm_html.click_the_link' %></p>
 
-<p><a href="<%= @url %>"><%= @url %></a></p>
+<p><%= raw(link_to @url, @url) %></p>
 
-<p><%= t'notifier.signup_confirm_html.introductory_video', :introductory_video_link => ('<a href="http://showmedo.com/videos/video?name=1800000&fromSeriesID=180">' + t('notifier.signup_confirm_html.video_to_openstreetmap') + '</a>') %> <%= t'notifier.signup_confirm_html.more_videos', :more_videos_link => ('<a href="http://showmedo.com/videos/series?name=mS2P1ZqS6">' + t('notifier.signup_confirm_html.more_videos_here') + '</a>') %>
+<p><%= raw(t'notifier.signup_confirm_html.introductory_video', :introductory_video_link => link_to(t('notifier.signup_confirm_html.video_to_openstreetmap'), "http://showmedo.com/videos/video?name=1800000&fromSeriesID=180")) %>
+   <%= raw(t'notifier.signup_confirm_html.more_videos', :more_videos_link => link_to(t('notifier.signup_confirm_html.more_videos_here'), "http://showmedo.com/videos/series?name=mS2P1ZqS6")) %></p>
 
-<p><%= t'notifier.signup_confirm_html.get_reading' %></p>
+<p><%= raw(t'notifier.signup_confirm_html.get_reading') %></p>
 
-<p><%= t'notifier.signup_confirm_html.ask_questions' %></p>
+<p><%= raw(t'notifier.signup_confirm_html.ask_questions') %></p>
 
-<p><%= t'notifier.signup_confirm_html.wiki_signup' %></p>
+<p><%= raw(t'notifier.signup_confirm_html.wiki_signup') %></p>
 
-<p><%= t'notifier.signup_confirm_html.user_wiki_page' %></p> 
+<p><%= raw(t'notifier.signup_confirm_html.user_wiki_page') %></p> 
 
-<p><%= t'notifier.signup_confirm_html.current_user' %></p>
+<p><%= raw(t'notifier.signup_confirm_html.current_user') %></p>

app/views/oauth_clients/index.html.erb

@@ -21,7 +21,7 @@
 <% end %>
 <h3><%= t'oauth_clients.index.my_apps' %></h3>
 <% if @client_applications.empty? %>
-<p><%= t('oauth_clients.index.no_apps', :oauth => "<a href=\"http://oauth.net\">OAuth</a>") %></p>
+<p><%= raw(t('oauth_clients.index.no_apps', :oauth => "<a href=\"http://oauth.net\">OAuth</a>")) %></p>
 <% else %>
 <p><%= t'oauth_clients.index.registered_apps' %></p>
 <% @client_applications.each do |client|%>

app/views/site/_search.html.erb

@@ -82,7 +82,7 @@
     </div>
     </div>
     <p class="search_help">
-      <%= t 'site.search.search_help' %>
+      <%= raw(t 'site.search.search_help') %>
     </p>
   </div>
 <% end %>

app/views/site/copyright.html.erb

@@ -41,5 +41,5 @@
     <hr />
   <% end %>
 
-  <%= t('license_page.legal_babble') %>
+  <%= raw(t('license_page.legal_babble')) %>
 <% end %>

app/views/trace/_trace.html.erb

@@ -25,7 +25,7 @@
     <%= t'trace.trace.by' %> <%=link_to h(trace.user.display_name), {:controller => 'user', :action => 'view', :display_name => trace.user.display_name} %>
     <% if !trace.tags.empty? %>
       <%= t'trace.trace.in' %> 
-      <%= trace.tags.collect { |tag| link_to_tag tag.tag }.join(", ") %>
+      <%= raw(trace.tags.collect { |tag| link_to_tag tag.tag }.join(", ")) %>
     <% end %>
   </td>
 </tr>

app/views/trace/view.html.erb

@@ -38,7 +38,7 @@
     <td><%= t'trace.view.tags' %></td>
     <td>
     <% unless @trace.tags.empty? %>
-      <%= @trace.tags.collect { |tag| link_to tag.tag, { :controller => 'trace', :action => 'list', :tag => tag.tag, :id => nil } }.join(", ") %>
+      <%= raw(@trace.tags.collect { |tag| link_to tag.tag, { :controller => 'trace', :action => 'list', :tag => tag.tag, :id => nil } }.join(", ")) %>
     <% else %>
       <i><%= t'trace.view.none' %></i>
     <% end %>

app/views/user/new.html.erb

@@ -26,7 +26,7 @@
     </tr>
     <tr>
       <td></td>
-      <td><span class="minorNote"><%= t 'user.new.not displayed publicly' %></span></td>
+      <td><span class="minorNote"><%= raw(t 'user.new.not displayed publicly') %></span></td>
     </tr>
 
     <tr><td colspan="2">&nbsp;<!--vertical spacer--></td></tr>

app/views/user/view.html.erb

@@ -92,7 +92,7 @@
 <% if @user and @this_user.id == @user.id %>
   <div id="map" class="user_map">
     <% if @this_user.home_lat.nil? or @this_user.home_lon.nil? %>
-      <p id="no_home_location"><%= t 'user.view.if set location', :settings_link => (link_to t('user.view.settings_link_text'), :controller => 'user', :action => 'account', :display_name => @user.display_name) %></p>
+      <p id="no_home_location"><%= raw(t 'user.view.if set location', :settings_link => (link_to t('user.view.settings_link_text'), :controller => 'user', :action => 'account', :display_name => @user.display_name)) %></p>
     <% else %>
       <%= render :partial => 'map', :locals => { :setting_location => false, :show_other_users => true } %>
     <% end %>

app/views/user_blocks/blocks_by.html.erb

@@ -1,5 +1,5 @@
 <% @title = t('user_block.blocks_by.title', :name => h(@this_user.display_name)) %>
-<h1><%= t('user_block.blocks_by.heading', :name => link_to(h(@this_user.display_name), {:controller => 'user', :action => 'view', :display_name => @this_user.display_name})) %></h1>
+<h1><%= raw(t('user_block.blocks_by.heading', :name => link_to(h(@this_user.display_name), {:controller => 'user', :action => 'view', :display_name => @this_user.display_name}))) %></h1>
 
 <% unless @user_blocks.empty? %>
 <%= render :partial => 'blocks', :locals => { :show_revoke_link => (@user and @user.moderator?), :show_user_name => true, :show_creator_name => false } %>

app/views/user_blocks/blocks_on.html.erb

@@ -1,5 +1,5 @@
 <% @title = t('user_block.blocks_on.title', :name => h(@this_user.display_name)) %>
-<h1><%= t('user_block.blocks_on.heading', :name => link_to(h(@this_user.display_name), {:controller => 'user', :action => 'view', :display_name => @this_user.display_name})) %></h1>
+<h1><%= raw(t('user_block.blocks_on.heading', :name => link_to(h(@this_user.display_name), {:controller => 'user', :action => 'view', :display_name => @this_user.display_name}))) %></h1>
 
 <% unless @user_blocks.empty? %>
 <%= render :partial => 'blocks', :locals => { :show_revoke_link => (@user and @user.moderator?), :show_user_name => false, :show_creator_name => true } %>