Hi,

I have this nice class ErrorFormBuilder that allows me to add the error description near the corresponding field in the form view :

    class ErrorFormBuilder < ActionView::Helpers::FormBuilder
      #Adds error message directly inline to a form label
      #Accepts all the options normally passed to form.label as well as:
      #  :hide_errors - true if you don't want errors displayed on this label
      #  :additional_text - Will add additional text after the error message or after the label if no errors
      def label(method, text = nil, options = {})
        #Check to see if text for this label has been supplied and humanize the field name if not.
        text = text || method.to_s.humanize
        #Get a reference to the model object
        object = @template.instance_variable_get("@#{@object_name}")

        #Make sure we have an object and we're not told to hide errors for this label
        unless object.nil? || options[:hide_errors]
          #Check if there are any errors for this field in the model
          errors = object.errors.on(method.to_sym)
          if errors
            #Generate the label using the text as well as the error message wrapped in a span with error class
            text += " <br/><span class=\"error\">#{errors.is_a?(Array) ? errors.first : errors}</span>"
          end
        end
        #Add any additional text that might be needed on the label
        text += " #{options[:additional_text]}" if options[:additional_text]
        #Finally hand off to super to deal with the display of the label
        super(method, text, options)
      end
    end

But the HTML :

    text += " <br/><span class=\"error\">#{errors.is_a?(Array) ? errors.first : errors}</span>"

is escaped by default in the view... I tried to add the {:escape => false} option :

    super(method, text, options.merge({:escape => false}))

without success

Is there any way to bypass this behavior ?

Thanks

+2  A: 

Have you tried making your string html_safe?

    irb(main):010:0> a = "A string"
    => "A string"
    irb(main):011:0> a.html_safe?
    => false
    irb(main):012:0> b = a.html_safe
    => "A string"
    irb(main):013:0> b.html_safe?
    => true

See http://www.railsdispatch.com/posts/security and scroll down to "What you need to know" near the bottom:

In general, you can build your Rails app exactly as before. Rails will automatically escape any Strings that it doesn’t create. In almost all cases, this is the right behavior, with no further modifications required.

If Rails is escaping a String that you want to pass through without escaping, simply mark it safe. If you create a String in a helper, you may want to mark parts of it as safe.

I can't test whether this will work in your sub-classed helper, but I'd think so.

MikeF
A: 

Just use <%= raw your_variable_here %>

Alex
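
Marking the whole label string safe, as both answers suggest, also passes through any markup carried inside the label text or the validation message. The sketch below is an added example, not code from the question or the answers: `unescaped_label_html` and `error_label_html` are hypothetical helpers written in plain Ruby, and the sample error message is constructed. It assumes that, in the builder, the escaped result is the string you would mark `html_safe` before calling `super`.

```ruby
require "erb"

# Mirrors the concatenation from the question: dynamic values are placed
# into the markup as-is. If this string is marked html_safe (or rendered
# with raw), anything inside the error message is rendered as HTML.
def unescaped_label_html(text, errors = nil, additional_text = nil)
  message = errors.is_a?(Array) ? errors.first : errors
  html = text.dup
  html += %( <br/><span class="error">#{message}</span>) if message
  html += " #{additional_text}" if additional_text
  html
end

# Hypothetical hardened variant: every dynamic value is HTML-escaped first,
# so the only unescaped markup left is the literal <br/> and <span>.
def error_label_html(text, errors = nil, additional_text = nil)
  message = errors.is_a?(Array) ? errors.first : errors
  parts = [ERB::Util.html_escape(text)]
  if message
    parts << %(<br/><span class="error">#{ERB::Util.html_escape(message)}</span>)
  end
  parts << ERB::Util.html_escape(additional_text) if additional_text
  parts.join(" ")
end

# Constructed sample: a validation message that echoes submitted input.
SAMPLE_ERRORS = ["<script>alert(1)</script> is not a valid name"].freeze

if __FILE__ == $PROGRAM_NAME
  puts unescaped_label_html("Name", SAMPLE_ERRORS)
  puts error_label_html("Name", SAMPLE_ERRORS)
end
```

In the builder from the question, the escaped string is what would be passed on, for example `super(method, error_label_html(text, errors, options[:additional_text]).html_safe, options)`.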