I just hit a similar problem where I was concatenating strings with escapable characters within a formbuilder. I googled about and there seems to be a some logic being discussed that anything that is "magic security" is going to be a nightmare. My problems were quite isolated (the great thing about form builders)
What was: '<a id="' + field_name.to_s + '-help" href="#" class="tooltip" title="' + help + '">' Turned into '<a id="'.html_safe + field_name.to_s + '-help" href="#" class="tooltip" title="'.html_safe + help + '">'.html_safe I am sure there are other ways but this seemed the easiest for me for string concatenation. O. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
