Rails - Jan 2006 - Ruby "htmlentities" replacement: code review please!

Hi Railers,

For some time now I''ve been looking for a decent Rails equivalent of
PHP''s
"htmlentities" command, because ERB''s html_escape (or more
commonly called as
just "h", eg. <%=h @somevariable %> ) just doesn''t go
far enough for me.

Back in PHP land, I actually had an extended version of the htmlentities 
command to deal with all kinds of crazy characters that appear if you copy 
and paste into a CMS from Word.  So anyway, given the apparent lack of a 
function to do this in Rails, and because I''m not particularly
impressed with
ERB''s html_escape, I decided to do something about it and roll my own.

Here''s my code: http://rafb.net/paste/results/9lI1hc62.html

It defines a htmlentities function, designed to be included in a helper, or in 
your environment (that''s what I''m doing with it).  Then it
overrides the h
function to call htmlentities instead of ERB''s html_escape, hopefully
meaning
you can just drop this in and your app will start using it.

I''m offering this up for several reasons:

1. Because I know I''m not the only person who wants such functionality,
and
can''t seem to find anyone else who has written this yet.

2. For code review - is there anything wrong with it?  Anything missing?  
Anything that could be done more efficiently?  I''m hardly a Ruby /
Rails
guru, so would really appreciate some second opinions here!

I haven''t used this on a production site yet (only wrote it this
morning) but
my thinking is that this code coupled with Rails'' caching should solve
the
problem in a nice and efficient manner.  This probably isn''t the ideal 
solution, as in for sites in non-western alphabets (eg. Japanese, Hebrew, 
Arabic etc.) it probably doesn''t help, but the thinking is that this
command
should be at least as good as PHP''s htmlentities command for most
Western
alphabet users... I hope!  :-)

So, any comments?  Feel free to use the code anywhere you like, but possibly 
just wait until a few other folks have looked it over, just in case
there''s
something heinously wrong with it!  It comes with no guarantee of suitability 
for any purpose whatsoever, and you use it entirely at your own risk.

Regardless, if folks think it''s useful, I''ll put it online
somewhere more
permanent than RAFB NoPaste!

Cheers,

~Dave

-- 

Dave Silvester
Rent-A-Monkey Website Development
Web: http://www.rentamonkey.com/

On 1/18/06, Dave Silvester <dave@rentamonkey.com>
wrote:
> Hi Railers,
>
> For some time now I''ve been looking for a decent Rails equivalent
of PHP''s
> "htmlentities" command, because ERB''s html_escape (or
more commonly called as
> just "h", eg. <%=h @somevariable %> ) just doesn''t
go far enough for me.
>
> Back in PHP land, I actually had an extended version of the htmlentities
> command to deal with all kinds of crazy characters that appear if you copy
> and paste into a CMS from Word.  So anyway, given the apparent lack of a
> function to do this in Rails, and because I''m not particularly
impressed with
> ERB''s html_escape, I decided to do something about it and roll my
own.
>
> Here''s my code: http://rafb.net/paste/results/9lI1hc62.html
>
> It defines a htmlentities function, designed to be included in a helper, or
in
> your environment (that''s what I''m doing with it).  Then
it overrides the h
> function to call htmlentities instead of ERB''s html_escape,
hopefully meaning
> you can just drop this in and your app will start using it.
>
> I''m offering this up for several reasons:
>
> 1. Because I know I''m not the only person who wants such
functionality, and
> can''t seem to find anyone else who has written this yet.
>
> 2. For code review - is there anything wrong with it?  Anything missing?
> Anything that could be done more efficiently?  I''m hardly a Ruby /
Rails
> guru, so would really appreciate some second opinions here!
>
> I haven''t used this on a production site yet (only wrote it this
morning) but
> my thinking is that this code coupled with Rails'' caching should
solve the
> problem in a nice and efficient manner.  This probably isn''t the
ideal
> solution, as in for sites in non-western alphabets (eg. Japanese, Hebrew,
> Arabic etc.) it probably doesn''t help, but the thinking is that
this command
> should be at least as good as PHP''s htmlentities command for most
Western
> alphabet users... I hope!  :-)
>
> So, any comments?  Feel free to use the code anywhere you like, but
possibly
> just wait until a few other folks have looked it over, just in case
there''s
> something heinously wrong with it!  It comes with no guarantee of
suitability
> for any purpose whatsoever, and you use it entirely at your own risk.
>
> Regardless, if folks think it''s useful, I''ll put it
online somewhere more
> permanent than RAFB NoPaste!
>
> Cheers,
>
> ~Dave
>
> --
>
> Dave Silvester
> Rent-A-Monkey Website Development
> Web: http://www.rentamonkey.com/
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
You might want to post this to rails-core.

--
Kyle Maxwell
Chief Technologist
E Factor Media // FN Interactive
kyle@efactormedia.com
1-866-263-3261

On 18.1.2006, at 17:05, Dave Silvester wrote:
> For some time now I''ve been looking for a decent Rails equivalent
> of PHP''s
> "htmlentities" command, because ERB''s html_escape (or
more commonly
> called as
> just "h", eg. <%=h @somevariable %> ) just doesn''t
go far enough
> for me.
Why not? If you have your encodings set-up correctly in web pages or  
http headers, everything should just work. What doesn''t work?

Besides, your solution assumes one specific single-byte encoding  
(there are many single-byte western encodings). This is very wrong...


izidor

On Thursday 19 Jan 2006 11:05, Izidor Jerebic wrote:
> Why not? If you have your encodings set-up correctly in web pages or
> http headers, everything should just work. What doesn''t work?
> Besides, your solution assumes one specific single-byte encoding
> (there are many single-byte western encodings). This is very wrong...
OK, fair enough, I do see your point - maybe this is the wrong approach to the 
problem, and a throwback to my days of PHP.

I nearly always use iso-8859-1 for my sites, which means that when people 
paste text into any kind of CMS from Word (with it''s curly quotes, long
hyphens etc.) unless I strip those out or replace them, the page contains 
invalid characters.

I guess I should just use UTF-8 instead and ditch my allegiance to iso-8859-1.

See, this is why I asked for the code review... thanks for the shove in the 
right direction, and d''oh that for some stupid reason I didn''t
think of that
sooner, guess I was just stuck in my old ways there!  :-D

~Dave

-- 

Dave Silvester
Rent-A-Monkey Website Development
Web: http://www.rentamonkey.com/

Dave Silvester wrote:
> I guess I should just use UTF-8 instead and ditch my allegiance to
iso-8859-1.
> 
You''d probably be better off shifting to CP1252 (or 1250, come to think
of it) - it''s pretty much ISO-8859-1 with multibyte tacked on the side,
so your existing data should be OK.

-- 
Alex