Same problem here but solved! hopefully this is helpful. Solution was to watch Ryan Bates Railscast on Rails 3 XSS, and then to ensure any strings being sent out by my form and custom helpers was HTML Safe => Just look for where the helpers are rendering tags and string and add the ".html_safe" method on the end.
Hope this is helpful -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
