The difference is `html_safe` allows every HTML tag, including the `<script>` tag, while `sanitize` only allows tags which are considered safe. In this case, we want to allow a `<span>` tag in a translation, and links inside flash messages.
```erb
<% flash.each do |flash_key, flash_message| %>
  <div id="<%= flash_key %>" data-alert class="notice-container callout-slide" data-closable>
    <div class="callout notice <%= flash_key %>">
      <button class="close-button" aria-label="<%= t("application.close") %>" type="button" data-close>
        <span aria-hidden="true">×</span>
      </button>
      <div class="notice-text">
        <%= sanitize(flash_message) %>
      </div>
    </div>
  </div>
<% end %>
```