cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use _html suffix to avoid using raw when displaying translated strings

Browse source 
This is safer than raw, since any user input is still escaped.
This commit is contained in:
Andy Allan 2019-12-20 10:29:07 +01:00
parent 01a506a254
commit dfedf85b6c
9 changed files with 18 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/views/site/_potlatch2.html.erb
View file

@ -15,5 +15,5 @@
<% end %>
<% data[:locale] = Locale.list(Potlatch2::LOCALES.keys).preferred(preferred_languages).to_s -%>
<% data[:locale_path] = asset_path("potlatch2/locales/#{Potlatch2::LOCALES[data[:locale]]}.swf") -%>
<%= content_tag :div, raw(t("site.edit.flash_player_required")), :id => "potlatch", :data => data %>
<%= content_tag :div, t("site.edit.flash_player_required_html"), :id => "potlatch", :data => data %>
</div>