Posted by Bart ten Brinke Thu, 05 Jul 2007 13:16:10 GMT
I was busy working on some view templates, but there was some syntax in my views that was absolutely annoying me.
<%= submit_tag h(_('Update')) %>
This can be solved in three locations, all of them extremely ugly:
- Overwrite submit_tag in the form builder to escape every parameter. This will cause all different uses of submit_tag to break.
- Escape all entries in my gettext po file and drop the h, which is not very secure.
- Overwrite _ to escape everything, which will cause all sorts of strange behaviour in other places.
After looking at all four, I realised I could fix it a fourth way:
module ApplicationHelper
  def h_(string)
    h(_(string))
  end
end
This makes my forms much nicer to look at and very secure:
<%= submit_tag h_('Update') %>
Dr. Nic, eat your heart out :)!
PS: Add this to your gettext rake task:
GetText::RubyParser::ID = GetText::RubyParser::ID + ['h_']
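The following is an added example, not code from the original post. It shows what h_ does to catalog entries a translator controls, and why it cannot be combined with pre-escaping the po file. CATALOG, ExampleHelper, View and the stubbed _ are constructed stand-ins for gettext and a Rails view.

```ruby
require 'erb'

# Constructed stand-in for a gettext catalog: msgid => translator-supplied msgstr.
CATALOG = {
  'Update'  => 'Bijwerken',
  'Welcome' => 'Welkom <script>alert(1)</script>', # careless or hostile po entry
  'Terms'   => 'Voorwaarden &amp; privacy'         # entry pre-escaped in the po file
}.freeze

module ExampleHelper
  include ERB::Util # provides h / html_escape, as Rails views do

  # Stub for gettext's _: return the translation, or the msgid if none exists.
  def _(msgid)
    CATALOG.fetch(msgid, msgid)
  end

  # The helper from the post: translate first, then escape the result.
  def h_(string)
    h(_(string))
  end
end

# Minimal view object so ERB templates can call the helpers.
class View
  include ExampleHelper

  def render(template)
    ERB.new(template).result(binding)
  end
end

if __FILE__ == $PROGRAM_NAME
  view = View.new
  puts view.render("raw:     <%= _('Welcome') %>")  # markup from the catalog reaches the page
  puts view.render("escaped: <%= h_('Welcome') %>") # markup is rendered inert
  puts view.render("double:  <%= h_('Terms') %>")   # pre-escaped entry gets escaped again
end
```

The last case is the cost of mixing approaches: once h_ is in use, po entries must hold plain text, otherwise users see a literal `&amp;`.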
