tags:

views:

200

answers:

1
Q: 

How do I echo a GET variable inside Rails?

I've created an iFrame component for people to integrate into their websites. The iFrame needs to be passed a GET variable from the URL string when the page is loaded on the remote site. In this case, the parent page would be called as http://www.theirsite.com/tracking=12345 and the tracking variable should be written into the html code on the remote page for the iframe when the page is rendered.

I've created versions of the code for each major language except rails. The PHP version of the code is shown below.

As a complete Rails neophyte, I'm hoping someone can generate a similar code snippet for Rails with XSS protection similar to htmlentities().

I publish the code for people to grab and copy into their sites. 

... src="mysite.com?tracking=<?php echo htmlentities($_GET['tracking']); ?>" ...
+1  A: 

The params hash contains a collection of all GET and POST variables:

... src="mysite.com?tracking=<%= CGI::escape(params[:tracking]) %>" ...

The CGI:escape() function encodes the parameter for a URL and may help prevent XSS attacks.

Schrockwell  2009-05-06 17:53:08
Actually, html_escape/h is the wrong thing to use here. You need to URL encode. Best solution: Make a helper for: Addressable::URI.encode_component(value, Addressable::URI::CharacterClasses::QUERY) Crappy solution: URI.escape(value)
Bob Aman  2009-05-06 19:20:47
You are right, though it looks like CGI::escape(value) is an appropriate choice. I've edited the answer to reflect this.
Schrockwell  2009-05-06 20:55:05
Perfect! Thanks, guys!
 2009-05-06 22:47:19

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.