7d0ba39309
Before, if your error message contained HTML tags, they were marked as safe. Some error messages may contain user input so this would lead a XSS vulnerability. Error messages are now always escaped. If users need to mark them as safe they will need to use the explicit `:error` option: f.input :name, error: raw('My <b>error</b>') |
||
---|---|---|
.. | ||
errors.rb | ||
hints.rb | ||
html5.rb | ||
label_input.rb | ||
labels.rb | ||
maxlength.rb | ||
min_max.rb | ||
pattern.rb | ||
placeholders.rb | ||
readonly.rb |