ansaurus

Question

rails: how to html encode/escape a string? is there a built-in?

Answer 1

+6 A:

The h helper method!

<%=h "<p> will be preserved" %>

Trevor Bramble 2009-03-28 15:14:54

Well, it also escapes >, which is unnecessary, but it'll do.

kch 2009-03-28 15:16:28

You can use parentheses to print some with h and some without. <%= h("<p") + ">" %>

Trevor Bramble 2009-03-28 15:18:29

Now that would be silly. I don't care much if it gets escaped or not. I'm just noting it's not required per the html specs.

kch 2009-03-28 15:20:45

It's *occasionally* required in XHTML due to the XML spec's rather annoying insistence that ‘]]>’ be kept out of text (see the ‘CharData’ production). This makes it generally easier (and harmless) to always escape it.

bobince 2009-03-28 21:55:44

Answer 2

+3 A:

You can use either h() or html_escape(), but most people use h() by convention. h() is short for html_escape() in rails.

In your controller:

@stuff = "<b>Hello World!</b>"

In your view:

<%=h @stuff %>

If you view the HTML source: you will see the output without actually bolding the data. I.e. it is encoded as <b>Hello World!</b>.

It will appear an be displayed as <b>Hello World!</b>

Brian R. Bondy 2009-03-29 19:59:47

Answer 3

A:

doesn't appear to encode double-quotes.

2009-06-30 15:29:17

Answer 4

+1 A:

Checkout the Ruby CGI class. There are methods to encode and decode HTML as well as URLs.

CGI::escapeHTML('Usage: foo "bar" <baz>')
# => "Usage: foo &quot;bar&quot; &lt;baz&gt;"

Christopher Bradford 2010-09-30 13:52:33

ansaurus

tags:

views:

answers:

rails: how to html encode/escape a string? is there a built-in?

related questions