How to make rails 3 I18n translation automatically safe?

3

6

I use Rails 3. Is there any easy way to tell I18n to respect the 'html safeness' of strings used in interpolation and make all translated strings html safe by default? So if I have this en.yml:

en:
  user_with_name: 'User with name <em>%{name}</em>'

and I use t('user_with_name', :name => @user.name), I get the user's name html escaped, but <em> and </em> are left as is?

Sheepshanks answered 31/3, 2011 at 15:17 Comment(0)
2

Old question, but if someone wants to achieve this, here's the monkey patch I came up with:

module ActionView
  module Helpers
    module TranslationHelper
      private
      def html_safe_translation_key?(key)
        true
      end
    end
  end
end

Put this in an initializer and that's it! Works with Rails 3.2.6. Only marks the text in localization files as safe, not the interpolation parameters.

Vladimir answered 27/7, 2012 at 12:44 Comment(4)
Seems to be easiest solution, need to test it - Sheepshanks
Works on rails 3.0.17 too. I'm using it so that I can put &eacute; into YML files. They get upset if you mix latin-1 and UTF... - Menses
No need to monkey patch at all, since interpolated variables are escaped automatically. See the answer by @onurozgurozkan. That should really be the accepted answer. - Ballyrag
Works on 5.0.0 too. - Leafy
6

http://guides.rubyonrails.org/i18n.html#using-safe-html-translations

The official Rails guide says you can use the interpolated variables without concern, since they are html escaped automatically, unless you specifically declare them to be String.html_safe.

From the guide:

Interpolation escapes as needed though. For example, given:

en:
  welcome_html: "<b>Welcome %{username}!</b>"

you can safely pass the username as set by the user:

<%# This is safe, it is going to be escaped if needed. %>
<%= t('welcome_html', username: @current_user.username) %>

Safe strings on the other hand are interpolated verbatim.

Mabel answered 27/4, 2012 at 11:1 Comment(1)
This should be the accepted answer, as it is correct, and the simplest way of solving the problem. - Ballyrag
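
Added example, not part of the original answers and not Rails' own code: a stdlib-only Ruby model of the behaviour the guide excerpt describes, comparing a plain key, an `_html` key, the initializer patch from the first answer, and a value marked safe. `SafeString`, `render`, `all_keys_safe` and the sample data are assumptions made for illustration.

```ruby
require 'erb'

# Stand-in for ActiveSupport::SafeBuffer: a String flagged as trusted HTML.
class SafeString < String
  def html_safe?
    true
  end
end

# Models ERB's <%= %> output step: escape unless the value is flagged trusted.
def render(value)
  return value.to_s if value.respond_to?(:html_safe?) && value.html_safe?
  ERB::Util.html_escape(value.to_s)
end

# Constructed locale data using the key names from this page.
TRANSLATIONS = {
  'user_with_name'      => 'User with name <em>%{name}</em>',
  'user_with_name_html' => 'User with name <em>%{name}</em>'
}.freeze

# Simplified model of the view helper t(). For an HTML key, each interpolated
# value is escaped unless flagged trusted, and the result is flagged trusted.
# all_keys_safe: true models the initializer patch from the first answer.
def t(key, all_keys_safe: false, **args)
  html_key = all_keys_safe || key.match?(/(_|\.)html\z/)
  values = args.transform_values { |v| html_key ? render(v) : v.to_s }
  text = format(TRANSLATIONS.fetch(key), values)
  html_key ? SafeString.new(text) : text
end

USER_INPUT = '<b>Bob</b>' # constructed, stands in for a user-controlled @user.name

# Returns the final page output for each of the four cases.
def demo
  {
    plain_key:   render(t('user_with_name', name: USER_INPUT)),
    html_key:    render(t('user_with_name_html', name: USER_INPUT)),
    patched:     render(t('user_with_name', name: USER_INPUT, all_keys_safe: true)),
    marked_safe: render(t('user_with_name_html', name: SafeString.new(USER_INPUT)))
  }
end

demo.each { |label, html| puts "#{label}: #{html}" } if __FILE__ == $PROGRAM_NAME
```

Only the `marked_safe` case lets markup from the value through, which is why user-supplied values should not be marked `html_safe` before interpolation.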
5

Change the name from user_with_name to user_with_name_html, then rails will know you have included html in the text.

Partheniaparthenocarpy answered 1/4, 2011 at 11:41 Comment(1)
I know about this way, but this is a very bad way: 1) It does not sanitize interpolation params, so any way I should do this, or I can get into troubles 2) I need to add this prefix 3) As I am writing all xxx.ymls, then I know what is in there, so why use prefix at all?? 4) I want this to work automatically! - Sheepshanks