diff options
| author | Louise Crow <louise.crow@gmail.com> | 2013-02-17 13:46:34 +0000 | 
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2013-02-17 13:46:34 +0000 | 
| commit | b1e7c95198e50186fe105c1de045c0c9df565f4c (patch) | |
| tree | 2c07fa4379a68824cb4c94232b11c7dea44dcbda | |
| parent | 80eeed612586c7970bc9d8831228e48ef1300bad (diff) | |
Mark the public body notes as html safe.hotfix/0.7.0.3
| -rw-r--r-- | app/views/public_body/show.rhtml | 2 | ||||
| -rw-r--r-- | app/views/request/new.rhtml | 52 | 
2 files changed, 27 insertions, 27 deletions
| diff --git a/app/views/public_body/show.rhtml b/app/views/public_body/show.rhtml index 7110ae9dd..8fc1eadda 100644 --- a/app/views/public_body/show.rhtml +++ b/app/views/public_body/show.rhtml @@ -58,7 +58,7 @@                  <% end %>                   <%= _('<a class="link_button_green" href="{{url}}">{{text}}</a>', :url=>new_request_to_body_url(:url_name => @public_body.url_name), :text=>_("Start"))%>              <% elsif @public_body.has_notes? %> -                <%= @public_body.notes_as_html %> +                <%= @public_body.notes_as_html.html_safe %>              <% elsif @public_body.not_requestable_reason == 'not_apply' %>                  <%= _('Freedom of Information law does not apply to this authority, so you cannot make                  a request to it.')%> diff --git a/app/views/request/new.rhtml b/app/views/request/new.rhtml index f396ea9ec..c16105560 100644 --- a/app/views/request/new.rhtml +++ b/app/views/request/new.rhtml @@ -7,26 +7,26 @@              $("#typeahead_response").load("<%=search_ahead_url%>?q="+encodeURI(this.value), function() {                  // When following links in typeahead results, open new tab/window                  $("#typeahead_response a").attr("target","_blank"); -                 +                  // Update the public body site search link                  $("#body-site-search-link").attr("href", "http://www.google.com/#q="+encodeURI($("#typeahead_search").val())+                                                  "+site:<%= @info_request.public_body.calculated_home_page %>");              });          })); -         +      });  </script>  <% @title = _("Make an {{law_used_short}} request to '{{public_body_name}}'",:law_used_short=>h(@info_request.law_used_short),:public_body_name=>h(@info_request.public_body.name))  %>      <h1><%= _('2. Ask for Information') %></h1> -     +      <% if @existing_request %>        <div class="errorExplanation" id="errorExplanation"><ul>        <li>         <%= _('{{existing_request_user}} already        created the same request on {{date}}. You can either view the <a href="{{existing_request}}">existing request</a>, -      or edit the details below to make a new but similar request.',:existing_request_user=>user_or_you_capital_link(@existing_request.user), :date=>simple_date(@existing_request.created_at), :existing_request=>request_url(@existing_request)) %>  +      or edit the details below to make a new but similar request.',:existing_request_user=>user_or_you_capital_link(@existing_request.user), :date=>simple_date(@existing_request.created_at), :existing_request=>request_url(@existing_request)) %>        </li>        </ul></div>      <% end %> @@ -37,7 +37,7 @@      <div id="request_header">          <div id="request_header_body"> -            <label class="form_label" for="info_request_public_body_id"><%= _('To:') %></label>  +            <label class="form_label" for="info_request_public_body_id"><%= _('To:') %></label>              <span id="to_public_body"><%=h(@info_request.public_body.name)%></span>              <div class="form_item_note">                  <% if @info_request.public_body.info_requests.size > 0 %> @@ -48,18 +48,18 @@              </div>              <% if @info_request.public_body.has_notes? %> -              <div id="request_header_text">     +              <div id="request_header_text">                  <h3><%= _('Special note for this authority!') %></h3> -                <p><%= @info_request.public_body.notes_as_html %></p> +                <p><%= @info_request.public_body.notes_as_html.html_safe %></p>                </div>              <% end %>          <% if @info_request.public_body.eir_only? %>              <h3><%= _('Please ask for environmental information only') %></h3> -            <p><%= _('The Freedom of Information Act <strong>does not apply</strong> to') %> <%=h(@info_request.public_body.name)%>.   +            <p><%= _('The Freedom of Information Act <strong>does not apply</strong> to') %> <%=h(@info_request.public_body.name)%>.              <%= _('However, you have the right to request environmental -            information under a different law') %> (<a href="/help/requesting#eir">explanation</a>).   +            information under a different law') %> (<a href="/help/requesting#eir">explanation</a>).              <%= _('This covers a very wide spectrum of information about the state of              the <strong>natural and built environment</strong>, such as:') %> @@ -79,21 +79,21 @@          <% end %>          </div> -        <div id="request_header_subject">  +        <div id="request_header_subject">              <p> -                <label class="form_label" for="typeahead_search"><%= _('Summary:') %></label>  +                <label class="form_label" for="typeahead_search"><%= _('Summary:') %></label>                  <%= f.text_field :title, :size => 50, :id =>"typeahead_search" %>              </p>              <div class="form_item_note"> -                (<%= _("a one line summary of the information you are requesting, \n\t\t\te.g.") %>  +                (<%= _("a one line summary of the information you are requesting, \n\t\t\te.g.") %>                    <%= render :partial => "summary_suggestion" %>)              </div>          </div> -         +          <div id="typeahead_response">          </div>      </div> -   +      <div id="request_advice">          <ul>          <li><%= _('Write your request in <strong>simple, precise language</strong>.') %></li> @@ -102,35 +102,35 @@          </ul>      </div> -    <div id="request_form">  +    <div id="request_form">          <% fields_for :outgoing_message do |o| %>          <p> -            <label class="form_label" for="outgoing_message_body"><%= _('Your request:') %></label>  +            <label class="form_label" for="outgoing_message_body"><%= _('Your request:') %></label>              <%= o.text_area :body, :rows => 20, :cols => 60 %>          </p>          <% end %> -     +          <% if !@user %>              <p class="form_note"> -                <%= raw(_('Everything that you enter on this page, including <strong>your name</strong>,  +                <%= raw(_('Everything that you enter on this page, including <strong>your name</strong>,                  will be <strong>displayed publicly</strong> on -                this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"]) %>   +                this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"]) %>                  <%= raw(_('If you are thinking of using a pseudonym,                  please <a href="%s">read this first</a>.') % [help_privacy_path+"#real_name"]) %>              </p>          <% else %>              <p class="form_note"> -                <%= raw(_('Everything that you enter on this page  +                <%= raw(_('Everything that you enter on this page                  will be <strong>displayed publicly</strong> on -                this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"]) %>   +                this website forever (<a href="%s">why?</a>).') % [help_privacy_path+"#public_request"]) %>              </p>          <% end %> -     +          <p class="form_note">              <%= raw(_("<strong> Can I request information about myself?</strong>\n" + -            "\t\t\t<a href=\"%s\">No! (Click here for details)</a>") % [help_requesting_path+"#data_protection"]) %>    +            "\t\t\t<a href=\"%s\">No! (Click here for details)</a>") % [help_requesting_path+"#data_protection"]) %>          </p> -     +          <div class="form_button">              <%= f.hidden_field(:public_body_id, { :value => @info_request.public_body_id } ) %>              <%= hidden_field_tag(:submitted_new_request, 1 ) %> @@ -140,14 +140,14 @@          <% if !@info_request.tag_string.empty? %>              <p class="form_note"> -                <!-- <label class="form_label" for="info_request_tag_string">Tags:</label>  +                <!-- <label class="form_label" for="info_request_tag_string">Tags:</label>                  <%= f.text_field :tag_string, :size => 50 %> -->                  <%= f.hidden_field(:tag_string) %>                  <strong>Tags:</strong> <%=h @info_request.tag_string %>              </p>          <% end %> -     +          </div>  <% end %> | 
