diff --git a/app/helpers/action_tracker_helper.rb b/app/helpers/action_tracker_helper.rb
index b812bbf..dbd0902 100644
--- a/app/helpers/action_tracker_helper.rb
+++ b/app/helpers/action_tracker_helper.rb
@@ -5,12 +5,12 @@ module ActionTrackerHelper
end
def new_friendship_description ta
- n_('has made 1 new friend:
%{name}', 'has made %{num} new friends:
%{name}', ta.get_friend_name.size) % {
+ n_('has made 1 new friend:
%{name}', 'has made %{num} new friends:
%{name}', ta.get_friend_name.size).html_safe % {
num: ta.get_friend_name.size,
- name: ta.collect_group_with_index(:friend_name) do |n,i|
+ name: safe_join(ta.collect_group_with_index(:friend_name) do |n,i|
link_to image_tag(ta.get_friend_profile_custom_icon[i] || default_or_themed_icon("/images/icons-app/person-icon.png")),
ta.get_friend_url[i], title: n
- end.join
+ end)
}
end
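Review bot: Calling `.html_safe` on the `n_(...)` result treats the translation catalogue as trusted markup, so a translated string containing stray HTML is emitted verbatim; the same pattern appears in the custom_forms `show.html.erb`, `event_block_item.html.erb` and newsletter hunks. Here the msgid appears to carry markup (it is split across lines in this rendering), and the interpolated values stay safe only because `name` goes through `safe_join` and, as far as I know, `SafeBuffer#%` escapes non-safe arguments on recent Rails. I would add a comment above the call such as `# format string is trusted markup from the catalogue; interpolated values must be html_safe or are escaped by SafeBuffer#%`. Where the message is plain text, as with the two custom_forms strings, the `.html_safe` can simply be dropped.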
diff --git a/app/views/mailing/sender/notification.html.erb b/app/views/mailing/sender/notification.html.erb
index 52deb71..3c50ca9 100644
--- a/app/views/mailing/sender/notification.html.erb
+++ b/app/views/mailing/sender/notification.html.erb
@@ -4,7 +4,7 @@
- <%= word_wrap(@message) %>
+ <%= raw word_wrap(@message) %>
--
<%= @signature_message %>
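Review bot: `raw word_wrap(@message)` on the changed line turns off escaping for the whole message body, so any markup in `@message` reaches the recipient's mail client unfiltered. Where `@message` is set is outside this hunk; if it can contain text written by a user, it should go through an allow-list filter instead, e.g. `<%= sanitize word_wrap(@message) %>`. If the body is always HTML produced by trusted code, a comment saying so next to the `raw` call would make that assumption auditable.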
diff --git a/plugins/breadcrumbs/lib/breadcrumbs_plugin/content_breadcrumbs_block.rb b/plugins/breadcrumbs/lib/breadcrumbs_plugin/content_breadcrumbs_block.rb
index dc48922..416791c 100644
--- a/plugins/breadcrumbs/lib/breadcrumbs_plugin/content_breadcrumbs_block.rb
+++ b/plugins/breadcrumbs/lib/breadcrumbs_plugin/content_breadcrumbs_block.rb
@@ -63,12 +63,12 @@ class BreadcrumbsPlugin::ContentBreadcrumbsBlock < Block
breadcrumb << content_tag('div', section_name, :class => 'section-name')
end
- breadcrumb
+ breadcrumb.html_safe
else
''
end
end)
- ret.html_safe
+ ret
end
def cacheable?
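Review bot: `breadcrumb.html_safe` marks the whole accumulated string as safe, including every fragment appended before the visible `content_tag` line, and those appends are outside this hunk. If `breadcrumb` starts as a plain `String`, `<<` does no escaping, so any piece that is not already escaped helper output would be emitted as markup. Starting the buffer as `''.html_safe`, so that `<<` escapes unsafe pieces, and dropping the final `.html_safe` would make this safe by construction rather than by inspection.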
diff --git a/plugins/community_block/views/blocks/community.html.erb b/plugins/community_block/views/blocks/community.html.erb
index a5a4a1c..03622c8 100644
--- a/plugins/community_block/views/blocks/community.html.erb
+++ b/plugins/community_block/views/blocks/community.html.erb
@@ -23,7 +23,7 @@
<%= link_to(
content_tag('span','',:class => 'community-block-button icon-arrow'),
'#',
- :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false;",
+ :onclick => "toggleSubmenu(this,'',#{CGI::escapeHTML(links.to_json)}); return false;".html_safe,
:class => 'simplemenu-trigger') %>
<% end %>
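Review bot: The `.html_safe` on the `:onclick` string disables the attribute escaping that `link_to` would otherwise apply, so the attribute's safety now rests entirely on the manual `CGI::escapeHTML(links.to_json)` call and on nothing else ever being interpolated into that string. Letting the helper escape once is simpler and harder to get wrong: `:onclick => "toggleSubmenu(this,'',#{links.to_json}); return false;"` with neither `CGI::escapeHTML` nor `.html_safe`. Passing the data through a `data-` attribute and reading it from script would avoid building JavaScript by string interpolation altogether.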
diff --git a/plugins/context_content/lib/context_content_plugin/context_content_block.rb b/plugins/context_content/lib/context_content_plugin/context_content_block.rb
index 4451fe7..22a105b 100644
--- a/plugins/context_content/lib/context_content_plugin/context_content_block.rb
+++ b/plugins/context_content/lib/context_content_plugin/context_content_block.rb
@@ -89,13 +89,13 @@ class ContextContentPlugin::ContextContentBlock < Block
ret = proc do
contents = block.contents(@page)
parent_title = block.parent_title(contents)
- if !contents.blank?
+ if contents.present?
render(:file => 'blocks/context_content', :locals => {:block => block, :contents => contents, :parent_title => parent_title})
else
''
end
end
- ret.html_safe
+ ret
end
def cacheable?
diff --git a/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb b/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb
index 62eba25..1545f73 100644
--- a/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb
@@ -6,9 +6,9 @@
<% if @submission.id.nil? %>
<% if @form.expired? %>
<% if @form.will_open? %>
-
<%= _('Sorry, you can\'t fill this form yet') %>
+ <%= _('Sorry, you can\'t fill this form yet').html_safe %>
<% else %>
- <%= _('Sorry, you can\'t fill this form anymore') %>
+ <%= _('Sorry, you can\'t fill this form anymore').html_safe %>
<% end %>
<% end %>
diff --git a/plugins/display_content/lib/display_content_block.rb b/plugins/display_content/lib/display_content_block.rb
index a1cae4f..0a390d9 100644
--- a/plugins/display_content/lib/display_content_block.rb
+++ b/plugins/display_content/lib/display_content_block.rb
@@ -177,9 +177,9 @@ class DisplayContentBlock < Block
content_sections += read_more_section if !read_more_section.blank?
#raise sections.inspect
- content_tag('li', content_sections)
+ content_tag('li', content_sections.html_safe)
end
- }.join(" "))
+ }.join(" ").html_safe)
end
end
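Review bot: `content_sections.html_safe` and `.join(" ").html_safe` declare the concatenated sections safe as a whole, but the sections are assembled before this hunk (only `read_more_section` is visible), so the hunk cannot show that the article fields feeding them were escaped or sanitised first. For the list, `safe_join(items, " ")` would keep already-safe `li` tags intact and escape anything else, where `items` stands for the mapped array; for `content_sections`, accumulating into a `''.html_safe` buffer gives the same guarantee. The leftover `#raise sections.inspect` debug comment could go at the same time. The enclosing method starts outside the hunk.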
diff --git a/plugins/event/views/event_plugin/event_block_item.html.erb b/plugins/event/views/event_plugin/event_block_item.html.erb
index ee03606..76d28e3 100644
--- a/plugins/event/views/event_plugin/event_block_item.html.erb
+++ b/plugins/event/views/event_plugin/event_block_item.html.erb
@@ -3,11 +3,11 @@
ev_days_tag = ''
if event.duration > 1
ev_days_tag = content_tag('time',
- n_('Duration: 1 day', 'Duration: %s days', event.duration) % "#{event.duration}",
+ n_('Duration: 1 day', 'Duration: %s days', event.duration).html_safe % "#{event.duration}".html_safe,
:itemprop => 'endDate',
:datetime => show_date(event.end_date) + 'T00:00',
:class => 'duration',
- :title => show_date(event.start_date) + ' — ' + time_left_str
+ :title => (show_date(event.start_date) + ' — ' + time_left_str).html_safe
)
end
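Review bot: Marking the `:title` value `.html_safe` makes `content_tag` skip attribute escaping, so a quote character in `show_date(...)` or `time_left_str` would end the attribute early; `time_left_str` is defined outside this hunk. If the only reason is to keep the dash from being escaped, a literal `—` character in a plain string needs no `.html_safe`. `"#{event.duration}".html_safe` is also unnecessary, since the value is numeric (it is compared with `> 1` above) and escaping it is a no-op.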
diff --git a/plugins/metadata/lib/metadata_plugin/base.rb b/plugins/metadata/lib/metadata_plugin/base.rb
index d95602f..ba8080b 100644
--- a/plugins/metadata/lib/metadata_plugin/base.rb
+++ b/plugins/metadata/lib/metadata_plugin/base.rb
@@ -55,7 +55,7 @@ class MetadataPlugin::Base < Noosfero::Plugin
end
end
end
- r.join
+ safe_join(r)
end
end
diff --git a/plugins/newsletter/lib/newsletter_plugin/newsletter.rb b/plugins/newsletter/lib/newsletter_plugin/newsletter.rb
index 4476d97..273da70 100644
--- a/plugins/newsletter/lib/newsletter_plugin/newsletter.rb
+++ b/plugins/newsletter/lib/newsletter_plugin/newsletter.rb
@@ -110,11 +110,11 @@ class NewsletterPlugin::Newsletter < ActiveRecord::Base
include DatesHelper
def message_to_public_link
- content_tag(:p, _("If you can't view this email, %s.") % link_to(_('click here'), '{mailing_url}'), :id => 'newsletter-public-link')
+ content_tag(:p, (_("If you can't view this email, %s.") % link_to(_('click here'), '{mailing_url}')).html_safe, :id => 'newsletter-public-link').html_safe
end
def message_to_unsubscribe
- content_tag(:div, _("This is an automatically generated email, please do not reply. If you do not wish to receive future newsletter emails, %s.") % link_to(_("cancel your subscription here"), self.unsubscribe_url, :style => CSS['public-link']), :style => CSS['newsletter-unsubscribe'], :id => 'newsletter-unsubscribe')
+ content_tag(:div, _("This is an automatically generated email, please do not reply. If you do not wish to receive future newsletter emails, %s.").html_safe % link_to(_("cancel your subscription here"), self.unsubscribe_url, :style => CSS['public-link']), :style => CSS['newsletter-unsubscribe'], :id => 'newsletter-unsubscribe').html_safe
end
def read_more(link_address)
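Review bot: The two methods apply `.html_safe` at different points: `message_to_public_link` formats on a plain `String` and marks the result safe, while `message_to_unsubscribe` marks the format string safe first and then applies `%`. Only the second form lets the safe buffer escape a non-safe argument, so I would use it in both: `_("If you can't view this email, %s.").html_safe % link_to(_('click here'), '{mailing_url}')`. The trailing `.html_safe` on each `content_tag(...)` result is redundant, because `content_tag` already returns a safe string.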
@@ -130,13 +130,13 @@ class NewsletterPlugin::Newsletter < ActiveRecord::Base
end
def body(data = {})
- content_tag(:div, content_tag(:div, message_to_public_link, :style => CSS['newsletter-public-link'])+content_tag(:table,(self.image.nil? ? '' : content_tag(:tr, content_tag(:th, tag(:img, :src => "#{self.environment.top_url}#{self.image.public_filename}", :style => CSS['header-image']),:colspan => 2),:style => CSS['newsletter-header']))+self.posts(data).map do |post|
+ content_tag(:div, content_tag(:div, message_to_public_link, :style => CSS['newsletter-public-link']).html_safe+content_tag(:table,(self.image.nil? ? '' : content_tag(:tr, content_tag(:th, tag(:img, :src => "#{self.environment.top_url}#{self.image.public_filename}", :style => CSS['header-image']),:colspan => 2),:style => CSS['newsletter-header'])).html_safe+self.posts(data).map do |post|
if post.image
post_with_image(post)
else
post_without_image(post)
end
- end.join()+content_tag(:tr, content_tag(:td, self.footer, :colspan => 2)),:style => CSS['breakingnews'])+content_tag(:div,message_to_unsubscribe, :style => CSS['newsletter-unsubscribe']),:style => CSS['breakingnews-wrap'])
+ end.join().html_safe+content_tag(:tr, content_tag(:td, self.footer, :colspan => 2)),:style => CSS['breakingnews']).html_safe+content_tag(:div,message_to_unsubscribe, :style => CSS['newsletter-unsubscribe']),:style => CSS['breakingnews-wrap']).html_safe
end
def default_subject
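Review bot: `.join().html_safe` in `body` declares the output of `post_with_image`/`post_without_image` safe without checking it, and the other `.html_safe` calls are spread through a single expression that is very hard to audit. Those two helpers and `self.footer` are defined outside this hunk, so whether post titles and text are escaped there cannot be confirmed from here. I would name the parts and combine them with `safe_join`, which leaves safe fragments alone and escapes the rest. This assumes the post helpers return safe strings and that `safe_join` is available in this class (it may need `ActionView::Helpers::OutputSafetyHelper`).

```ruby
def body(data = {})
  public_link = content_tag(:div, message_to_public_link, :style => CSS['newsletter-public-link'])
  header = self.image.nil? ? '' : content_tag(:tr, content_tag(:th, tag(:img, :src => "#{self.environment.top_url}#{self.image.public_filename}", :style => CSS['header-image']), :colspan => 2), :style => CSS['newsletter-header'])
  post_rows = self.posts(data).map do |post|
    post.image ? post_with_image(post) : post_without_image(post)
  end
  footer_row = content_tag(:tr, content_tag(:td, self.footer, :colspan => 2))
  # safe_join escapes any fragment that is not already marked html_safe
  table = content_tag(:table, safe_join([header, *post_rows, footer_row]), :style => CSS['breakingnews'])
  unsubscribe = content_tag(:div, message_to_unsubscribe, :style => CSS['newsletter-unsubscribe'])
  content_tag(:div, safe_join([public_link, table, unsubscribe]), :style => CSS['breakingnews-wrap'])
end
```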
diff --git a/plugins/require_auth_to_comment/lib/require_auth_to_comment_plugin.rb b/plugins/require_auth_to_comment/lib/require_auth_to_comment_plugin.rb
index aed8078..157b96b 100644
--- a/plugins/require_auth_to_comment/lib/require_auth_to_comment_plugin.rb
+++ b/plugins/require_auth_to_comment/lib/require_auth_to_comment_plugin.rb
@@ -17,7 +17,7 @@ class RequireAuthToCommentPlugin < Noosfero::Plugin
end
def profile_editor_extras
- expanded_template('profile-editor-extras.html.erb')
+ expanded_template('profile-editor-extras.html.erb').html_safe
end
def stylesheet?
diff --git a/plugins/site_tour/views/tour_actions.html.erb b/plugins/site_tour/views/tour_actions.html.erb
index f2e8371..ab1bcd9 100644
--- a/plugins/site_tour/views/tour_actions.html.erb
+++ b/plugins/site_tour/views/tour_actions.html.erb
@@ -6,11 +6,11 @@
--
libgit2 0.21.2