Greetings all.

I'm using the Microsoft "NorthWind Traders" database "orders" table as test data for the Rico LiveGrid JavaScript.

The problem I'm noticing is that some of the records in the "ShipName" field contain ampersands -- which for some reason are not being escaped by Rails.

Rails does in fact automatically escape all of the other characters like apostrophes' that might otherwise cause problems. However it returns ampersands as ampersands with no escape character or other modification and this of course does not play well with the LiveGrid JavaScript.

For reference, I'm using MySQL and the following is a test query (that works on both the command line and in Rails) that will return record 24 that should return a record containing the ShipName "Split Rail Beer & Ale":

    @orders = Order.find( :all,
                          :select => "id, ShipName ",
                          :conditions => "id = 24" )

Is there a way in Rails to force the query to return an escaped ampersand? I looked through both the Rails and MySQL documentation and did not see anything that might solve this problem.

Thanks,

Doug

-- Posted via http://www.ruby-forum.com/.

Doug Meharry wrote:
> Greetings all.
>
> I'm using the Microsoft "NorthWind Traders" database "orders" table as
> test data for the Rico LiveGrid JavaScript.
>
> The problem I'm noticing is that some of the records in the "ShipName"
> field contain ampersands -- which for some reason are not being escaped
> by Rails.
>
> Rails does in fact automatically escape all of the other characters like
> apostrophes' that might otherwise cause problems. However it returns
> ampersands as ampersands with no escape character or other modification
> and this of course does not play well with the LiveGrid JavaScript.
>
> For reference, I'm using MySQL and the following is a test query (that
> works on both the command line and in Rails) that will return record 24
> that should return a record containing the ShipName "Split Rail Beer &
> Ale":
>
> @orders = Order.find( :all,
>                       :select => "id, ShipName ",
>                       :conditions => "id = 24" )
>
> Is there a way in Rails to force the query to return an escaped
> ampersand? I looked through both the Rails and MySQL documentation and
> did not see anything that might solve this problem.
>
> Thanks,
>
> Doug

Here is a work-around/solution I came up with to escape selected characters (in this case -- an ampersand -- but could be anything). Anyone have any better ideas, please share. Thanks!

    for order in @orders
      order.attributes.each{|key, value|
        # replace every "&" in the attribute with its HTML entity
        value = value.to_s.gsub(/[&]/, "&amp;")
        order[key] = value
      }
    end

Doug

-- Posted via http://www.ruby-forum.com/.

On 10 Aug 2006, at 9:40 pm, Doug Meharry wrote:
>> The problem I'm noticing is that some of the records in the "ShipName"
>> field contain ampersands -- which for some reason are not being escaped
>> by Rails.
>>
>> Rails does in fact automatically escape all of the other characters like
>> apostrophes' that might otherwise cause problems. However it returns
>> ampersands as ampersands with no escape character or other modification
>> and this of course does not play well with the LiveGrid JavaScript.

ActiveRecord returns the data in the database 'as-is'. It doesn't assume that you're going to be outputting it as part of an HTML page.

Escaping apostrophes as data goes *into* the database is a SQL-related issue, which is why ActiveRecord does it automatically. Escaping ampersands in data coming *out* of the database is an HTML encoding issue, which is not ActiveRecord's concern.

The standard approach is to do this encoding in your view, using the h() function:

    <%= h order.ship_name %>

This will encode &, < and > into their appropriate HTML entities.

You could write some kind of wrapper function in your model to do this encoding, but again this is a presentation concern not a model concern, so I wouldn't recommend it.

Chris

On Aug 10, 2006, at 1:40 PM, Doug Meharry wrote:
> Doug Meharry wrote:
>> Greetings all.
>>
>> I'm using the Microsoft "NorthWind Traders" database "orders" table as
>> test data for the Rico LiveGrid JavaScript.
>>
>> The problem I'm noticing is that some of the records in the "ShipName"
>> field contain ampersands -- which for some reason are not being escaped
>> by Rails.
>>
>> Rails does in fact automatically escape all of the other characters like
>> apostrophes' that might otherwise cause problems. However it returns
>> ampersands as ampersands with no escape character or other modification
>> and this of course does not play well with the LiveGrid JavaScript.
>>
>> For reference, I'm using MySQL and the following is a test query (that
>> works on both the command line and in Rails) that will return record 24
>> that should return a record containing the ShipName "Split Rail Beer &
>> Ale":
>>
>> @orders = Order.find( :all,
>>                       :select => "id, ShipName ",
>>                       :conditions => "id = 24" )
>>
>> Is there a way in Rails to force the query to return an escaped
>> ampersand? I looked through both the Rails and MySQL documentation and
>> did not see anything that might solve this problem.
>>
>> Thanks,
>>
>> Doug
>
> Here is a work-around/solution I came up with to escape selected
> characters (in this case -- an ampersand -- but could be anything).
> Anyone have any better ideas, please share. Thanks!
>
> for order in @orders
>   order.attributes.each{|key, value|
>     value = value.to_s.gsub(/[&]/, "&amp;")
>     order[key] = value
>   }
> end

Heavens, no!

In the view, just use:

    <%= h order.attribute %>

h does HTML escaping.

--
-- Tom Mornini

We are looking for a NYC based programmer to work on the server side of an online newspaper. This project is in rails, but we want someone who is a ruby developer first, and a rails developer second.

This project is for a site that actually does something. It's not a sneaker ad. You will have a sense of accomplishment...

Only friendly humans who can show previous work and code samples need apply.

Listener is based in NYC and we need someone who can work onsite a few days a week.

To learn about Listener go to http://listenerinteractive.com

Best,
Jean-Charles

Doug Meharry wrote:
> Doug Meharry wrote:
>> Greetings all.
>>
>> I'm using the Microsoft "NorthWind Traders" database "orders" table as
>> test data for the Rico LiveGrid JavaScript.
>>
>> The problem I'm noticing is that some of the records in the "ShipName"
>> field contain ampersands -- which for some reason are not being escaped
>> by Rails.
>>
>> Rails does in fact automatically escape all of the other characters like
>> apostrophes' that might otherwise cause problems. However it returns
>> ampersands as ampersands with no escape character or other modification
>> and this of course does not play well with the LiveGrid JavaScript.
>>
>> For reference, I'm using MySQL and the following is a test query (that
>> works on both the command line and in Rails) that will return record 24
>> that should return a record containing the ShipName "Split Rail Beer &
>> Ale":
>>
>> @orders = Order.find( :all,
>>                       :select => "id, ShipName ",
>>                       :conditions => "id = 24" )
>>
>> Is there a way in Rails to force the query to return an escaped
>> ampersand? I looked through both the Rails and MySQL documentation and
>> did not see anything that might solve this problem.
>>
>> Thanks,
>>
>> Doug
>
> Here is a work-around/solution I came up with to escape selected
> characters (in this case -- an ampersand -- but could be anything).
> Anyone have any better ideas, please share. Thanks!
>
> for order in @orders
>   order.attributes.each{|key, value|
>     value = value.to_s.gsub(/[&]/, "&amp;")
>     order[key] = value
>   }
> end
>
> Doug

This morning Chris M. sent an email with the following solution which is much better than the above:

ActiveRecord returns the data in the database 'as-is'. It doesn't assume that you're going to be outputting it as part of an HTML page.

Escaping apostrophes as data goes *into* the database is a SQL-related issue, which is why ActiveRecord does it automatically. Escaping ampersands in data coming *out* of the database is an HTML encoding issue, which is not ActiveRecord's concern.

The standard approach is to do this encoding in your view, using the h() function:

    <%= h order.ship_name %>

This will encode &, < and > into their appropriate HTML entities.

You could write some kind of wrapper function in your model to do this encoding, but again this is a presentation concern not a model concern, so I wouldn't recommend it.

Chris

Thanks Chris!

-- Posted via http://www.ruby-forum.com/.
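
The recommendation in this thread, as an added example that is not code from any of the posters: the stored values stay raw and `h` is applied only where they are written into markup. It uses Ruby's standard `ERB::Util` outside Rails; `OrderRows`, `render_rows`, `ampersand_only` and the second sample row are hypothetical names and constructed data. It also shows the two ways the ampersand-only substitution goes wrong: it leaves `<` and `>` untouched, and it double-encodes once a view also calls `h`.

```ruby
require "erb"

# Constructed rows standing in for Order records. Only the first ShipName
# appears in the thread; the second is a constructed value with markup characters.
ORDERS = [
  { id: 24, ship_name: "Split Rail Beer & Ale" },
  { id: 25, ship_name: "Fish & <Chips>" }
].freeze

# Hypothetical helper: the ampersand-only substitution, kept for comparison.
def ampersand_only(value)
  value.to_s.gsub(/&/, "&amp;")
end

# Hypothetical view object: data is left as stored, h encodes at output time.
class OrderRows
  include ERB::Util # provides h / html_escape

  TEMPLATE = ERB.new(<<~VIEW, trim_mode: "-")
    <%- @orders.each do |order| -%>
    <tr><td><%= h order[:id] %></td><td><%= h order[:ship_name] %></td></tr>
    <%- end -%>
  VIEW

  def initialize(orders)
    @orders = orders
  end

  def render
    TEMPLATE.result(binding)
  end
end

def render_rows(orders)
  OrderRows.new(orders).render
end

if __FILE__ == $PROGRAM_NAME
  puts render_rows(ORDERS)
  # Ampersand-only leaves the angle brackets as live markup:
  puts ampersand_only("Fish & <Chips>")
  # Escaping in the model and again in the view double-encodes:
  puts ERB::Util.h(ampersand_only("Split Rail Beer & Ale"))
end
```
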