7d0ba39309
Before, if your error message contained HTML tags, they were marked as safe. Some error messages may contain user input so this would lead to an XSS vulnerability. Error messages are now always escaped. If users need to mark them as safe they will need to use the explicit `:error` option: `f.input :name, error: raw('My <b>error</b>')`