Preventing HTML character entities in locale files from getting munged by Rails3 xss protection

遇见更好的自我 2021-02-03 23:58

We're building an app, our first using Rails 3, and we're having to build I18n in from the outset. Being perfectionists, we want real typography to be used in our views: dashe

5 answers
  •  抹茶落季
    2021-02-04 00:25

    If you don't wanna expose yourself to the possibility of a mistake by simply adding .html_safe (through alias_method_chain or w/e) to everything, the best solution is simply to use it whenever it is necessary.

    In our site we use markup language to get HTML output from i18n locale files, since those who translate those files are not developers, just translators.

    If it is only in a few places that you need your HTML to really be HTML, use .html_safe

    t('views.signup.organisation_details').html_safe
    

    The simple markup language we have works pretty well for us, but that is really case-specific :)
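
Added example (not part of the answer above, and not Rails' own code): a plain-Ruby model of why marking a translation as trusted fixes the escaped `&mdash;`, and why interpolated values must be escaped before the result is trusted. `TrustedHtml`, `render`, the two `t_*` helpers, the locale strings and the `views.signup.welcome` key are assumptions constructed for illustration.

```ruby
require 'erb'

# Constructed locale data: translator-authored strings containing an HTML entity.
LOCALE = {
  'views.signup.organisation_details' => 'Organisation details &mdash; step 2',
  'views.signup.welcome'              => 'Welcome, %{name} &mdash; glad you came'
}.freeze

# Hypothetical stand-in for a "this string is already safe HTML" flag.
class TrustedHtml < String; end

# Models the output layer: everything not explicitly trusted is escaped.
def render(value)
  value.is_a?(TrustedHtml) ? value.to_s : ERB::Util.html_escape(value)
end

# Risky pattern: interpolate first, then trust the whole result.
# Any markup inside the interpolated values is trusted too.
def t_trust_all(key, vars = {})
  TrustedHtml.new(LOCALE.fetch(key) % vars)
end

# Narrower pattern: trust only the translator's template and
# escape every interpolated value before it is inserted.
def t_trust_template(key, vars = {})
  escaped = vars.transform_values { |v| ERB::Util.html_escape(v.to_s) }
  TrustedHtml.new(LOCALE.fetch(key) % escaped)
end

if __FILE__ == $PROGRAM_NAME
  untrusted = '<script>alert(1)</script>' # constructed sample input
  # Untrusted translation: the entity itself gets escaped (the original problem).
  puts render(LOCALE.fetch('views.signup.organisation_details'))
  # Trusted template, no interpolation: entity survives.
  puts render(t_trust_template('views.signup.organisation_details'))
  # Trusting after interpolation lets the markup through unescaped.
  puts render(t_trust_all('views.signup.welcome', name: untrusted))
  # Escaping the value first keeps the entity and neutralises the markup.
  puts render(t_trust_template('views.signup.welcome', name: untrusted))
end
```

The third line of output is the case to look for in review: a trusted translation whose interpolated value comes from user input.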
