When I generate a default scaffold, the display tags on show.html.erb have

<%=h @broker.name %>

I know the difference between <% and <%=. What's the "h" do?

+31  A: 

HTML escape. It's a method that converts things like < and > into numerical character references so that rendering won't break your HTML.

JasonTrue
+11  A: 

<%=h is actually 2 things happening. You're opening an erb tag (<%=) and calling the Rails method 'h' to escape all symbols.

These two calls are equivalent:

<%=h person.first_name %>

<%= h(person.first_name) %>

The "h" method is commonly used to escape HTML and JavaScript from user-input forms.

+1  A: 

It's worth noting that h is a method alias for html_escape from the ERB::Util class and you can find ERB API docs here:

http://www.ruby-doc.org/core/classes/ERB/Util.html

Tim Harding
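A worked illustration of what the three answers above describe, added here and not taken from the question or any of the answers. It uses plain Ruby's ERB::Util.html_escape (the method the Rails h helper aliases) rather than a Rails app, and the BrokerView class, the two template strings and the "broker name" input are constructed for the demo.

```ruby
require "erb"

# Constructed attacker-controlled input, e.g. a broker name submitted through a form.
MALICIOUS_NAME = '<script>alert("xss")</script>'

# Unescaped interpolation: the raw string lands in the page as markup.
UNSAFE_TEMPLATE = "<p>Broker: <%= name %></p>"

# Escaped interpolation: <%=h name %> is the erb output tag <%= plus a call to h(name).
SAFE_TEMPLATE = "<p>Broker: <%=h name %></p>"

# Same thing with explicit parentheses; the two spellings compile to the same call.
SAFE_TEMPLATE_EXPLICIT = "<p>Broker: <%= h(name) %></p>"

# Hypothetical view object standing in for a Rails view's instance scope.
class BrokerView
  include ERB::Util   # makes h (alias of html_escape) callable from the template

  attr_reader :name

  def initialize(name)
    @name = name
  end

  # Evaluate a template string against this object's binding, like a Rails view.
  def render(template)
    ERB.new(template).result(binding)
  end
end

def render_unsafe(name)
  BrokerView.new(name).render(UNSAFE_TEMPLATE)
end

def render_safe(name)
  BrokerView.new(name).render(SAFE_TEMPLATE)
end

def render_safe_explicit(name)
  BrokerView.new(name).render(SAFE_TEMPLATE_EXPLICIT)
end

# Crude check: does the rendered page still carry a live <script> start tag?
# After escaping only the text "&lt;script&gt;" remains, which browsers show literally.
def live_script_tag?(html)
  html.include?("<script")
end

# Caveat: plain ERB's h escapes unconditionally, so escaping already-escaped
# text turns "&lt;" into "&amp;lt;" (double escaping).
def double_escaped(text)
  ERB::Util.html_escape(ERB::Util.html_escape(text))
end

if __FILE__ == $PROGRAM_NAME
  puts render_unsafe(MALICIOUS_NAME)   # script tag survives into the page
  puts render_safe(MALICIOUS_NAME)     # &lt;script&gt;... rendered as text
end
```

Running the file prints the vulnerable and the escaped rendering side by side. Note that html_escape here is the plain Ruby version: it escapes every time it is called, so a value escaped in a helper and then again in the view is double-escaped, which is why escaping belongs at the point of output.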
A: 

There is also a method in Rack to escape HTML, Rack::Utils.escape_html, in case you are in Metal and want to escape some HTML.

heycarsten