Rails I18n changes apostrophe to ASCII

Question

I'm using responders gem, and I want to show validation errors when form is not valid. In my controller I created the interpolation_action

def interpolation_options
  { resource_errors: @project_user.errors.full_messages.join(', ') }
end

and my reponders translation file has a proper key:

project_users:
  create:
    notice: "Member has been added"
    alert: "%{resource_errors}"

It works well and I can see validation error message, the problem is that apostrophe is changed to ASCII code.

enter image description here

score 2 · Accepted Answer · answered Mar 02 '15 at 10:31

2

Does Responder still require you to add the flash in your html? In that case you could do something like <%= flash[:alert].html_safe %> to enforce html on your flash message, even for the escaped characters.

answered Mar 02 '15 at 10:31

Kobus Post

154
9

1

This is potentially dangerous. If you go this way, you have to ensure that you manually escape all user-provided data which might be shown in the flash (e.g. "'foo bar baz' is not a valid Flurb"). If you fail to escape the values manually, you have an XSS vulnerability. – Holger Just Mar 02 '15 at 13:10

Rails I18n changes apostrophe to ASCII

1 Answers1