views:

73

answers:

1

I'm having a strange problem where a user can enter the following text

Test '<3'

and it outputs as

Test '<3>

On the output I'm using white_list, and the value stored in the database is:

'testing ''<3'''

What could be causing the output to think it's a tag of some sort and trying to close it (which is what it looks like to me)?

Thanks!

+2  A: 

Special characters in Ruby such as &, < and @ can sometimes be misinterpreted. Try using the "h" method in .rhtml pages.

<strong><%= h("This is a quick Test'<3'.") %></strong>

Will output:

<strong>This is a quick Test'&lt;3'.</strong>

So your browser will interpret it as:

This is a quick Test'<3'.

(I'm still relatively new to Ruby so I'm open to correction!)

Barry Gallagher
What does `h` do?
Robert S.
`h` is an alias for the `html_escape` method: http://api.rubyonrails.org/classes/ERB/Util.html#M000337
Pesto
I was actually trying to escape it with h but I was on the wrong view, doh! Swapping it from white_list string to h string worked. Thanks for keeping me on my toes.
mwilliams
You're welcome!
Barry Gallagher
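To make the answer's advice concrete, here is an added example (not code from the original question or answer) that renders the same user input, `Test '<3'`, through two ERB templates: one that interpolates the value raw and one that wraps it in `h`, which the comment above identifies as an alias for `ERB::Util.html_escape`. The template strings, the `Renderer` class and the `user_text_contains_raw_lt?` helper are assumptions made for this illustration; only `ERB` and `ERB::Util` are from the Ruby standard library.

```ruby
require "erb"

# Constructed sample input, copied from the question: the user typed  Test '<3'
USER_INPUT = "Test '<3'".freeze

# Hypothetical templates. The first forgets to escape, so the raw value lands
# in the HTML; the second uses `h`, as the answer recommends.
UNSAFE_TEMPLATE = "<strong><%= value %></strong>".freeze
SAFE_TEMPLATE   = "<strong><%= h(value) %></strong>".freeze

# Minimal stand-in for a view: including ERB::Util gives the template access
# to `h` / `html_escape`, the same helper Rails views use.
class Renderer
  include ERB::Util

  # Evaluate `template` with `value` visible to the template code.
  def render(template, value)
    ERB.new(template).result(binding)
  end
end

def render_unsafe(value)
  Renderer.new.render(UNSAFE_TEMPLATE, value)
end

def render_safe(value)
  Renderer.new.render(SAFE_TEMPLATE, value)
end

# Detection check: strip the template's own <strong> wrapper and report
# whether the user-controlled part still contains a literal "<", i.e. text
# the browser could parse as the start of a tag (what the question observed).
def user_text_contains_raw_lt?(html)
  inner = html.sub(/\A<strong>/, "").sub(%r{</strong>\z}, "")
  inner.include?("<")
end

# The characters html_escape neutralises; the exact entity used for the
# apostrophe varies between Ruby/Rails versions, so only the others are
# listed here as fixed expectations.
def escape_table
  { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;", '"' => "&quot;" }
end

if __FILE__ == $PROGRAM_NAME
  puts "raw:     #{render_unsafe(USER_INPUT)}"
  puts "escaped: #{render_safe(USER_INPUT)}"
  puts "raw output contains a bare '<' in user text: #{user_text_contains_raw_lt?(render_unsafe(USER_INPUT))}"
  puts "escaped output contains a bare '<' in user text: #{user_text_contains_raw_lt?(render_safe(USER_INPUT))}"
end
```

The escaped rendering contains `&lt;3` rather than `<3`, so the browser displays the literal text instead of trying to open (and auto-close) a tag. Note that escaping has to happen in the view that actually emits the value, which is exactly the mistake the asker found in the comments: the `h` call was in a different view from the one producing the output.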