{"id":22856448,"url":"https://github.com/quadule/html_safe_flash","last_synced_at":"2026-02-06T07:02:59.361Z","repository":{"id":65189808,"uuid":"586683176","full_name":"quadule/html_safe_flash","owner":"quadule","description":"Use html_safe strings naturally in Rails flash messages","archived":false,"fork":false,"pushed_at":"2025-01-13T18:36:45.000Z","size":28,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-16T12:54:45.843Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/quadule.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-01-09T00:42:13.000Z","updated_at":"2025-01-13T18:36:46.000Z","dependencies_parsed_at":"2025-04-14T10:35:30.779Z","dependency_job_id":"dd6d7f4e-f7c0-405f-a2bc-7306a1e91c84","html_url":"https://github.com/quadule/html_safe_flash","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/quadule/html_safe_flash","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quadule%2Fhtml_safe_flash","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quadule%2Fhtml_safe_flash/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quadule%2Fhtml_safe_flash/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quadule%2Fhtml_safe_flash/manifests","owner_
url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/quadule","download_url":"https://codeload.github.com/quadule/html_safe_flash/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quadule%2Fhtml_safe_flash/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265558596,"owners_count":23787949,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-13T08:08:38.396Z","updated_at":"2026-02-06T07:02:54.341Z","avatar_url":"https://github.com/quadule.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# html_safe_flash\nUse `html_safe` strings naturally in Rails flash messages.\n\n## Installation\nAdd this line to your application's Gemfile anywhere after `rails`:\n\n```ruby\ngem \"html_safe_flash\"\n```\n\n## Usage\nStore any `html_safe` string (or an array of them) in the Rails `flash` object:\n\n```ruby\nclass PostsController \u003c ApplicationController\n  def create\n    @post.save!\n    flash[:success] = \"Done! Go view your #{link_to \"post\", @post}.\".html_safe\n    redirect_to :index\n  end\nend\n```\n\nThis gem patches `ActionDispatch::Flash::FlashHash` to track any `html_safe` values internally.\nIn the example above, this is the actual flash data stored in the session cookie:\n\n```json\n{\n  \"success\": \"Done! 
Go view your \u003ca href='/posts/1'\u003epost\u003c/a\u003e.\",\n  \"_html_safe_keys\": [\"success\"]\n}\n```\n\nOn the next request, the `_html_safe_keys` metadata is removed and the `success` message is converted back to an `ActiveSupport::SafeBuffer` automatically.\n\nWithout this gem, the code above would not work as one might expect:\nCalling `html_safe` on the message returns an `ActiveSupport::SafeBuffer` object, which becomes a normal string when Rails stores it in the session cookie.\nWhen the cookie is loaded on the next page, the `html_safe?` state of the message would be lost.\n\n## Why?\n\nUsing `html_safe` like this was possible in old versions of Rails, which serialized cookies using `Marshal`, allowing arbitrary objects like `ActiveSupport::SafeBuffer` to be stored.\nIn Rails 4.1 this was changed for security reasons, and cookie data is limited to the basic types supported by the default `JSON` serializer.\n\nWithout a way to store `html_safe` values, some applications work around the issue by rendering every flash message with `html_safe` or `raw`. This can become a cross-site scripting security vulnerability if a message ever includes unescaped user input.\n\n## License\nThe gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fquadule%2Fhtml_safe_flash","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fquadule%2Fhtml_safe_flash","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fquadule%2Fhtml_safe_flash/lists"}