diff options
author | Azul <azul@leap.se> | 2014-05-20 13:20:25 +0200 |
---|---|---|
committer | Azul <azul@leap.se> | 2014-05-26 12:59:26 +0200 |
commit | a337088f4d6d12d1ea26f494f4ca078cff4b4070 (patch) | |
tree | c15e7be13f11686e30e9624f40dbef934a801cbd /app | |
parent | c10f9311678ff2183443bc03e153b30d3b68ff74 (diff) |
remove unused bold helper and instead sanitize flash
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/application_controller.rb | 10 | ||||
-rw-r--r-- | app/helpers/application_helper.rb | 3 |
2 files changed, 2 insertions, 11 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 35d6cb4..a4560e2 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -23,16 +23,6 @@ class ApplicationController < ActionController::Base json: {error: "The server failed to process your request. We'll look into it."} end - # - # Allows us to pass through bold text to flash messages. See format_flash() for where this is reversed. - # - # TODO: move to core - # - def bold(str) - "[b]#{str}[/b]" - end - helper_method :bold - ## ## LOCALE ## diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 90e649a..6de5e1b 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -40,8 +40,9 @@ module ApplicationHelper end end + # fairly strict sanitation for flash messages def format_flash(msg) - html_escape(msg).gsub('[b]', '<b>').gsub('[/b]', '</b>').html_safe + sanitize(msg, tags: %w(em strong b br), attributes: []) end end |