ansaurus

Question

Answer 1

+6 A:

ö and ä are valid characters in HTML. There is no need to escape them, even if there are HTML entities for them. These entities are convenience, not necessity - as long as the declared encoding (HTTP headers) and the actual character encoding matches, there is no problem if they occur literally.

The only characters that always must be escaped are <, >, & and ", like in XML.

Tomalak 2009-09-26 17:33:27

Mato 2009-09-26 17:46:54

Whydo you want that? It would give no benefit, increase HTML source size and is a pain in the a** for people that want to work with the HTML source code for some reason. I'd prefer the actual characters in the source code wherever possible, I think Rails does the right thing.

Tomalak 2009-09-26 18:16:38

Answer 2

+1 A:

I would say that h only replaces the HTML special characters <, >, & and ". Please have a look on documentation of Rails's ERB::Util.html_escape which is behind the h function.

Thomas 2009-09-26 17:34:20

Answer 3

+1 A:

Google sitemap requires fully escaped URLs, so in this case you need to escape all special and international characters.

This htmlentities library does that for you.

I even wrote a little wrapper in the application_helper.rb:

def html_entity_escape(s)
  require 'htmlentities'
  @html_coder ||= HTMLEntities.new
  @html_coder.encode(s)
end

Leventix 2010-01-13 09:41:14

ansaurus

tags:

views:

answers:

Rails: html_escape isn't working

related questions