7d0ba39309
Before, if your error message contained HTML tags, they were marked as safe. Some error messages may contain user input so this would lead a XSS vulnerability. Error messages are now always escaped. If users need to mark them as safe they will need to use the explicit `:error` option: f.input :name, error: raw('My <b>error</b>') |
||
---|---|---|
.. | ||
association_test.rb | ||
button_test.rb | ||
error_notification_test.rb | ||
error_test.rb | ||
general_test.rb | ||
hint_test.rb | ||
input_field_test.rb | ||
label_test.rb | ||
wrapper_test.rb |