
I am using Rails 2.3.9, and have installed the rails_xss plugin. I have made everything that needs to be html_safe, but have just noticed a problem when a form helper fails validation. When I enter an incorrect email address, and it fails validation, I get the following in my browser:

<span class="fieldWithErrors"><label class="concise" for="user_session_email">Email Address:</label></span> <span class="fieldWithErrors"><input class="txt" id="user_session_email" name="user_session[email]" size="30" type="text" value="not_a_proper_email_address" /></span

I guess this is to do with rails_xss, but I don't know how to fix it. Thanks.

dangerousdave

1 Answer


Well, I seem to have fixed the problem with this hack added to environment.rb:

ActionView::Base.field_error_proc = Proc.new do |html_tag, instance|
  '<span class="field_with_errors">'.html_safe << html_tag << '</span>'.html_safe
end

Is this a bug? Is this really the best fix?

dangerousdave
Yeah, I had to do that too. There was a bug posted against Rails in 2007, but it was on the old bug tracking system and the link to it no longer works. See http://ethilien.net/archives/fixing-divfieldwitherrors-in-ruby-on-rails/ - the bug link is in the comments. – ffoeg Jan 08 '11 at 17:15
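
Why the wrapper came out escaped, and why the answer's proc keeps escaping intact, shown with a simplified stand-in for the safe-buffer behaviour rails_xss adds. This is an added example, not code from the post or from the plugin: `SafeBuffer`, `erb_output`, `interpolated_wrapper` and `safe_buffer_wrapper` are hypothetical names, the interpolating proc is an assumed form that matches the markup in the question, and the inputs are constructed.

```ruby
require 'erb'

# Simplified model of a safe buffer (assumption: mirrors rails_xss semantics).
class SafeBuffer < String
  def html_safe?
    true
  end

  # Appending escapes anything that is not already marked safe.
  def <<(value)
    super(value.html_safe? ? value : ERB::Util.html_escape(value))
  end
end

class String
  def html_safe?
    false
  end

  def html_safe
    SafeBuffer.new(self)
  end
end

# Model of <%= value %> with escaping on by default.
def erb_output(value)
  value.html_safe? ? String.new(value) : ERB::Util.html_escape(value)
end

# Interpolation always returns a plain String, so the safe flag on
# html_tag is lost and the whole wrapper is escaped on output.
def interpolated_wrapper(html_tag)
  "<span class=\"fieldWithErrors\">#{html_tag}</span>"
end

# The answer's approach: start from a safe buffer and append. Safe parts
# pass through; an html_tag that is NOT marked safe is still escaped.
def safe_buffer_wrapper(html_tag)
  '<span class="field_with_errors">'.html_safe << html_tag << '</span>'.html_safe
end

tag = '<input id="user_session_email" />'.html_safe # constructed sample
puts erb_output(interpolated_wrapper(tag))          # escaped markup, as in the question
puts erb_output(safe_buffer_wrapper(tag))           # real markup
puts erb_output(safe_buffer_wrapper('<b>raw</b>'))  # unsafe part stays escaped
```

Calling `.html_safe` on the interpolated string would also make the markup render, but it would mark any unsafe content inside `html_tag` as trusted, which the append form avoids.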