tags:

views:

220

answers:

2
+1  Q: 

Rails 3 widget helper partial

Hi!

I ran into a big problem in moving my application to Rails 3. I have a view helper which i call 'WidgetHelper'. It helps to render some partials automatically when i refer to it. For example

<%= widget('loginbox', :global => true) %>

But it not works correctly. It renders HTML code as I want, but escapes the return value, what is not expected. How can I tell to render (or to something) to not escape the return value for me?

Here is my code:

  def widget(widget, options={})
    begin
      unless options[:fullpath]
        render :partial => widget_path(widget, options[:global])
      else
        render "widgets/#{widget}"
      end
    rescue ActionView::MissingTemplate
      "<!-- widget: #{widget.inspect}, #{options.inspect} -->"
    end
  end
+1  A: 

Rails 3 changed the way that content filtering works - it by default assumes you want everything filtered.

You can correct this using html_safe:

"<!-- widget: #{widget.inspect}, #{options.inspect} -->".html_safe

See: http://asciicasts.com/episodes/204-xss-protection-in-rails-3

Jamie Wong  2010-09-16 21:05:54
+2  A:  
def widget(widget, options={})
  begin
    unless options[:fullpath]
      raw render(:partial => widget_path(widget, options[:global]))
    else
      raw render("widgets/#{widget}"))
    end
  rescue ActionView::MissingTemplate
    raw "<!-- widget: #{widget.inspect}, #{options.inspect} -->"
  end
end

The raw method of Rails 3 does the reverse of h method in Rails 2. Escaping a string was done with the h method on Rails 2. On Rails 3, strings output from a view are escaped by default, and the escaping can be disabled by the raw method.

edgerunner  2010-09-16 21:19:00
Thank you, it works well. I add score for you and for @Jamie Wong too, because i used both solution in my app.
Gabor Garami  2010-09-17 10:18:26
This seems kind of backwards in my mind - when would you ever want widget without raw? Specifying you want the raw should be part of the definition in my mind, not the invocation.
Jamie Wong  2010-09-17 14:48:33
You're right Jamie. Fix coming up.
edgerunner  2010-09-17 20:21:58

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.