warn the user values are directly interpolated into _html translation strings
parent 9b534060bf
commit d57d8098fc
@ -43,6 +43,8 @@ module TranslationHelper
|
||||
# a safe HTML string that won't be escaped by other HTML helper methods. This
|
||||
# naming convention helps to identify translations that include HTML tags so that
|
||||
# you know what kind of output to expect when you call translate in a template.
|
||||
# Note however that rule extends to interpolated values, so you are responsible
|
||||
# for passing them already escaped in the call, if they need to be.
|
||||
def translate(key, options = {})
|
||||
options.merge!(:rescue_format => :html) unless options.key?(:rescue_format)
|
||||
translation = I18n.translate(scope_key_by_partial(key), options)
|
||||
|
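Review bot: the two added comment lines above `def translate` ("Note however that rule extends to interpolated values ...") do not say which rule is meant or what happens when a caller ignores it. State outright that for these keys the whole result, interpolated values included, is returned as a safe HTML string and is not escaped again, so any user-supplied value has to go through `h` before it is passed in `options`. Since `options` is handed to `I18n.translate` unchanged in this method, it is also worth asking whether the helper should escape the interpolation values itself for such keys instead of relying on every caller having read this comment.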
@ -634,6 +634,18 @@ en:
|
||||
|
||||
!images/i18n/demo_html_safe.png(i18n demo html safe)!
|
||||
|
||||
Please note that values are interpolated directly into the translation.
|
||||
If they need to be escaped you need to pass them already escaped in the +t+ call.
|
||||
|
||||
<erb>
|
||||
# config/locales/en.yml
|
||||
en:
|
||||
welcome_html: <b>Welcome %{name}!</b>
|
||||
|
||||
<%# Note the call to h() to avoid injection %>
|
||||
<%= t('welcome_html', :name => h(user.name)) %>
|
||||
</erb>
|
||||
|
||||
h3. How to Store your Custom Translations
|
||||
|
||||
The Simple backend shipped with Active Support allows you to store translations in both plain Ruby and YAML format. [2]
|
||||
|
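Review bot: the new paragraph starting "Please note that values are interpolated directly into the translation" does not say that it concerns the HTML-safe keys shown just above it, and the example puts the `config/locales/en.yml` content and the view line into one `<erb>` block. Scope the sentence to `_html` translations and name the consequence (an unescaped `user.name` is rendered as markup), then split the example into a YAML block for the locale entry and an `<erb>` block for the `t('welcome_html', :name => h(user.name))` call, so the `# config/locales/en.yml` line is not read as ERB.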