diff --git a/plugins/custom_forms/lib/custom_forms_plugin/helper.rb b/plugins/custom_forms/lib/custom_forms_plugin/helper.rb
index 7984b6c..66b2a62 100644
--- a/plugins/custom_forms/lib/custom_forms_plugin/helper.rb
+++ b/plugins/custom_forms/lib/custom_forms_plugin/helper.rb
@@ -71,7 +71,7 @@ module CustomFormsPlugin::Helper
 def display_custom_field(field, submission, form)
 sanitized_name = ActionView::Base.white_list_sanitizer.sanitize field.name
 answer = submission.answers.select{|answer| answer.field == field}.first
- field_tag = send("display_#{type_for_options(field.class)}",field, answer, form)
+ field_tag = send("display_#{type_for_options(field.class)}",field, answer, form).html_safe
 if field.mandatory? && submission.id.nil?
 required(labelled_form_field(sanitized_name, field_tag))
 else
diff --git a/plugins/custom_forms/views/custom_forms_plugin_myprofile/_field.html.erb b/plugins/custom_forms/views/custom_forms_plugin_myprofile/_field.html.erb
index e982a12..812eb25 100644
--- a/plugins/custom_forms/views/custom_forms_plugin_myprofile/_field.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_myprofile/_field.html.erb
@@ -12,7 +12,7 @@
 <%= f.hidden_field(:position) %> <%= f.hidden_field :_destroy, :class => 'destroy-field' %>
- <%= button_to_function :delete, _('Remove field'), "customFormsPlugin.removeFieldBox(this, #{CGI::escapeHTML(_('Are you sure you want to remove this field?').to_json)})" %>
+ <%= button_to_function :delete, _('Remove field'), "customFormsPlugin.removeFieldBox(this, #{_('Are you sure you want to remove this field?').to_json})" %>
 <%= yield %>
diff --git a/plugins/custom_forms/views/custom_forms_plugin_myprofile/_form.html.erb b/plugins/custom_forms/views/custom_forms_plugin_myprofile/_form.html.erb
index 8e757c8..bc6dddd 100644
--- a/plugins/custom_forms/views/custom_forms_plugin_myprofile/_form.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_myprofile/_form.html.erb
@@ -51,8 +51,8 @@
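Review bot: The `.html_safe` added to the `send(...)` result in `display_custom_field` marks whatever the selected `display_*` helper returns as trusted markup, so any answer value or field option that helper interpolates without escaping is rendered as raw HTML. Those helpers are outside this hunk, so that cannot be confirmed from here. The safer shape is for each `display_*` helper to build its output with tag helpers that escape values and return safe buffers, which makes the blanket `.html_safe` at this call site unnecessary. The same applies to `display_custom_field(field, @submission, f.object_name).html_safe` in `views/shared/_form_submission.html.erb`. If the call stays, record the contract next to it, e.g. `# display_* helpers must escape answer and field values; their result is marked safe here`.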
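Review bot: With `CGI::escapeHTML` removed, the `to_json` output interpolated into the handler string is HTML-encoded only if the helper that renders the `onclick` attribute escapes attribute values. The JSON contains double quotes, so an unescaped attribute would end at the first one. The change presumably relies on the framework's automatic escaping to avoid double-encoding, but `button_to_function`, `button_to_function_without_text` and `button` are defined outside this diff, so each should be confirmed to pass the handler through attribute escaping rather than plain string concatenation. The same change is made in `_form.html.erb`, `_alternative.html.erb` and `_select_field.html.erb`; where `html_for_field(...).to_json` is embedded, the payload is a block of markup rather than a fixed translated string, so the check matters more there. A view test asserting that the rendered attribute contains `&quot;` and no raw `"` would pin this down.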
- <%= button(:add, _('Add a new text field'), '#', :onclick => "customFormsPlugin.addFields(this, 'fields', #{CGI::escapeHTML(html_for_field(f, :fields, CustomFormsPlugin::TextField).to_json)}); return false")%>
- <%= button(:add, _('Add a new select field'), '#', :onclick => "customFormsPlugin.addFields(this, 'fields', #{CGI::escapeHTML(html_for_field(f, :fields, CustomFormsPlugin::SelectField).to_json)}); return false")%>
+ <%= button(:add, _('Add a new text field'), '#', :onclick => "customFormsPlugin.addFields(this, 'fields', #{html_for_field(f, :fields, CustomFormsPlugin::TextField).to_json}); return false")%>
+ <%= button(:add, _('Add a new select field'), '#', :onclick => "customFormsPlugin.addFields(this, 'fields', #{html_for_field(f, :fields, CustomFormsPlugin::SelectField).to_json}); return false")%>
<%= button_bar do %>
diff --git a/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_alternative.html.erb b/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_alternative.html.erb
index f312254..cd31867 100644
--- a/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_alternative.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_alternative.html.erb
@@ -7,6 +7,6 @@
 <%= f.hidden_field :_destroy, :class => 'destroy-field' %>
- <%= button_to_function_without_text :remove, _('Remove alternative'), "customFormsPlugin.removeAlternative(this, #{CGI::escapeHTML(_('Are you sure you want to remove this alternative?').to_json)})", :class => 'remove-field', :title => _('Remove alternative') %>
+ <%= button_to_function_without_text :remove, _('Remove alternative'), "customFormsPlugin.removeAlternative(this, #{_('Are you sure you want to remove this alternative?').to_json})", :class => 'remove-field', :title => _('Remove alternative') %>
diff --git a/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_select_field.html.erb b/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_select_field.html.erb
index bf8af8e..1ba3499 100644
--- a/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_select_field.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_myprofile/custom_forms_plugin/_select_field.html.erb
@@ -22,7 +22,7 @@
- <%= button(:add, _('Add a new alternative'), '#', :onclick => "customFormsPlugin.addFields(this, 'alternatives', #{CGI::escapeHTML(html_for_field(f, :alternatives, CustomFormsPlugin::Alternative).to_json)}); return false") %>
+ <%= button(:add, _('Add a new alternative'), '#', :onclick => "customFormsPlugin.addFields(this, 'alternatives', #{html_for_field(f, :alternatives, CustomFormsPlugin::Alternative).to_json}); return false") %>
diff --git a/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb b/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb
index c83b657..64ec9f8 100644
--- a/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb
+++ b/plugins/custom_forms/views/custom_forms_plugin_profile/show.html.erb
@@ -1,7 +1,7 @@

<%= @form.name %>

-

<%= @form.description %>

+

<%= @form.description.html_safe %>

<% if @submission.id.nil? %> <% if @form.expired? %>
diff --git a/plugins/custom_forms/views/shared/_form_submission.html.erb b/plugins/custom_forms/views/shared/_form_submission.html.erb
index ec2f336..ecb9fe0 100644
--- a/plugins/custom_forms/views/shared/_form_submission.html.erb
+++ b/plugins/custom_forms/views/shared/_form_submission.html.erb
@@ -1,5 +1,5 @@
 <% self.extend(CustomFormsPlugin::Helper) %> <% @form.fields.each do |field| %>
- <%= display_custom_field(field, @submission, f.object_name) %>
+ <%= display_custom_field(field, @submission, f.object_name).html_safe %>
 <% end %>
-- libgit2 0.21.2
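Review bot: `@form.description.html_safe` in `show.html.erb` outputs the form description as raw markup, and no sanitization is visible in this hunk. If the description is stored as its author typed it, any script or event-handler attribute in it is rendered to every visitor of the form page. If rich text is intended, pass it through the allow-list sanitizer the plugin already applies to field names, e.g. `<%= sanitize(@form.description) %>`, instead of marking it safe. If sanitization already happens when the form is saved, a comment beside this line should say where. Also, if the description can be nil, `.html_safe` raises `NoMethodError` here.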