Instead of marking the flash value as html_safe it is better to proper sanitize it when presenting in your view. I believe <%= sanitize(flash[:notice) %> would work fine.
Rafael Mendonça França http://twitter.com/rafaelfranca https://github.com/rafaelfranca On Mon, Jun 16, 2014 at 12:35 PM, Justin Coyne <jus...@curationexperts.com> wrote: > I believe due to this change: > https://github.com/rails/rails/pull/13945#issuecomment-34090370 we're no > longer able to set html_safe strings in the flash message. Is this a bug? > Does anyone have an opinion on the right way set a flash message with a > link in it now? > > -Justin > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Core" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to rubyonrails-core+unsubscr...@googlegroups.com. > To post to this group, send email to rubyonrails-core@googlegroups.com. > Visit this group at http://groups.google.com/group/rubyonrails-core. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-core+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-core@googlegroups.com. Visit this group at http://groups.google.com/group/rubyonrails-core. For more options, visit https://groups.google.com/d/optout.
