authorAzul <azul@leap.se>2014-05-20 13:20:25 +0200
committerAzul <azul@leap.se>2014-05-26 12:59:26 +0200
commita337088f4d6d12d1ea26f494f4ca078cff4b4070 (patch)
treec15e7be13f11686e30e9624f40dbef934a801cbd /app
parentc10f9311678ff2183443bc03e153b30d3b68ff74 (diff)
remove unused bold helper and instead sanitize flash
Diffstat (limited to 'app')
-rw-r--r--app/controllers/application_controller.rb10
-rw-r--r--app/helpers/application_helper.rb3
2 files changed, 2 insertions, 11 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 35d6cb4..a4560e2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -23,16 +23,6 @@ class ApplicationController < ActionController::Base
json: {error: "The server failed to process your request. We'll look into it."}
end
- #
- # Allows us to pass through bold text to flash messages. See format_flash() for where this is reversed.
- #
- # TODO: move to core
- #
- def bold(str)
- "[b]#{str}[/b]"
- end
- helper_method :bold
-
##
## LOCALE
##
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 90e649a..6de5e1b 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -40,8 +40,9 @@ module ApplicationHelper
end
end
+ # fairly strict sanitation for flash messages
def format_flash(msg)
- html_escape(msg).gsub('[b]', '<b>').gsub('[/b]', '</b>').html_safe
+ sanitize(msg, tags: %w(em strong b br), attributes: [])
end
end
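Review bot: `format_flash` now hands `msg` to `sanitize` as HTML, whereas the removed line escaped the whole string and re-enabled only the `[b]` markers, so the trust boundary moves to whoever builds the flash text. Any request-derived value interpolated into a flash message can now contribute `em`, `strong`, `b` or `br` markup, and text containing a literal `<` may be dropped by the sanitizer instead of displayed. The new comment should state that contract, for example `# msg is treated as HTML: only em/strong/b/br survive, no attributes; escape user-supplied values before interpolating them into a flash message`. The diffstat is limited to 'app', so it is worth confirming that no caller elsewhere still emits `[b]…[/b]`, which would now render as literal text.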