How to make rails 3 I18n translation automatically safe?

Question

I use rails 3. Is there any easy way to tell I18n to respect 'html safness' of string used in interpolation and make all translated string html safe by default? So if I have this en.yml:

en:
  user_with_name: 'User with name <em>%{name}</em>'

and I use t('user_with_name', :name => @user.name), I get users name html escaped, but <em> and </em> is left as is?

score 6 · Answer 1 · edited Feb 05 '15 at 09:59

http://guides.rubyonrails.org/i18n.html#using-safe-html-translations

The official Rails guide says you can use the interpolated variables without concern, since they are html escaped automatically, unless you specifically declare them to be String.html_safe.

From the guide:

Interpolation escapes as needed though. For example, given:

en:
  welcome_html: "<b>Welcome %{username}!</b>"

you can safely pass the username as set by the user:

<%# This is safe, it is going to be escaped if needed. %>
<%= t('welcome_html', username: @current_user.username %>

Safe strings on the other hand are interpolated verbatim.

This should be the accepted answer, as it is correct, and the simplest way of solving the problem. — Magne, Feb 05 '15 at 10:02

score 5 · Answer 2 · edited Aug 01 '12 at 18:03

5

Change the name from user_with_name to user_with_name_html, then rails will know you have included html in the text.

edited Aug 01 '12 at 18:03

GDP

8,109
6
45
82

answered Apr 01 '11 at 11:41

user444349

51
1

2

I know about this way, but this is a very bad way: 1) It does not sanitize intepolation params, so any way I should do this, or I can get into trobles 2) I need to add this prefix 3) As I am writing all xxx.ymls, than I know what is in there, so why use prefix at all?? 4) I want this to work automatically! – tig Apr 01 '11 at 13:04

Anthony Alberto · Accepted Answer · 2012-09-09T01:34:35.567

2

Old question, but if someone wants to achieve this, here's the monkey patch I came up with :

module ActionView
  module Helpers
    module TranslationHelper
      private
      def html_safe_translation_key?(key)
        true
      end
    end
  end
end

Put this in an initializers and that's it! Works with Rails 3.2.6. Only marks the text in localization files as safe, not the interpolation parameters.

edited Sep 09 '12 at 01:34

answered Jul 27 '12 at 12:44

Anthony Alberto

10,325
3
34
38

Seems to be easiest solution, need to test it – tig Jul 27 '12 at 14:06
Works on rails 3.0.17 too. I'm using so that I can put é into YML files. They get upset if you mix latin-1 and UTF... – mcr Sep 25 '12 at 17:45
1

No need to monkey patch at all, since interpolated variables are escaped automatically. See the answer by @onurozgurozkan. That should really be the accepted answer. – Magne Feb 05 '15 at 10:02
Works on 5.0.0 too. – PragmaticEd Jan 16 '17 at 12:47

How to make rails 3 I18n translation automatically safe?

3 Answers3