0

How do I mark as not safe only the variable that is passed into the translation method, when using the i18n gem in the Ruby on Rails framework?

For example:

t(
  'safe', 
  default: 'Unsafe <b>%{unsafe_variable}</b> and safe %{safe_variable}', 
  unsafe_variable: "<script>alert('unsafe');</script>", 
  safe_variable: '<strong>safe</strong>'
)

Should return

Unsafe <b>&lt;script&gt;alert('unsafe');&lt;/script&gt;</b> and safe <strong>safe</strong>
Dmitry Polushkin

1 Answer

2

If you know in advance which one is safe and which one is unsafe, you can simply use the h helper to force escape the unsafe variable.

t('safe', default: 'Unsafe <b>%{unsafe_variable}</b> and safe %{safe_variable}', 
  unsafe_variable: h("<script>alert('unsafe');</script>"), 
  safe_variable: '<strong>safe</strong>'
)
Marc Lainez
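The per-variable rule the question asks for, as an added example that is not part of the original question or answer: a standard-library-only Ruby model in which every interpolated value is HTML-escaped unless the caller explicitly wraps it as trusted. The names `TrustedHtml`, `interpolate_html` and `render_example` are hypothetical and are not part of the i18n gem or Rails.

```ruby
require 'erb'

# Marker for values the caller vouches for as already-safe HTML.
# Hypothetical stand-in for an html_safe string; not an i18n or Rails class.
TrustedHtml = Struct.new(:html)

# Hypothetical helper: fills %{name} placeholders in a trusted template.
# Escaping is the default; only values wrapped in TrustedHtml pass through.
def interpolate_html(template, values)
  # gsub scans the template only, so an inserted value is never
  # re-scanned for further %{...} placeholders.
  template.gsub(/%\{(\w+)\}/) do
    name = Regexp.last_match(1).to_sym
    value = values.fetch(name) { raise KeyError, "missing interpolation: #{name}" }
    value.is_a?(TrustedHtml) ? value.html : ERB::Util.html_escape(value.to_s)
  end
end

# Constructed sample input: the template and values from the question.
TEMPLATE = 'Unsafe <b>%{unsafe_variable}</b> and safe %{safe_variable}'

def render_example
  interpolate_html(
    TEMPLATE,
    unsafe_variable: "<script>alert('unsafe');</script>",
    safe_variable: TrustedHtml.new('<strong>safe</strong>')
  )
end

puts render_example if __FILE__ == $PROGRAM_NAME
```

`ERB::Util.html_escape` also escapes the single quote as `&#39;`, so the output differs from the question's expected string in that one respect.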