Rails 3 - How to escape flash message -

should flash message escaped automatically rails? if not, how ensure message gets escaped (without using cgi::escapehtml)?

after doing searching, figured out should escaped, , 1 got html_safe message display html. when try

flash[:error] = "<b>yo</b>" 

it displayed bold yo , not <b>yo</b>. note string object not html_safe itself.

you should use html_safe in controller flash message want escaped. remove raw function view.

flash[:error] = "<b>yo</b>".html_safe