Hi

I have a wysiwyg html editor in my app. How do I escape html written to the database and encoding when I display the content?

Ty
Pieter

I'm not sure if I understand your question. However, if you want to display literally (not rendered) the actual html that was stored in the database then use the 'h' helper method to sanitize/escape it like

This displays it literally without rendering the html (sanitized)

    <%= h @myhtmlcontent %>

or this renders the html inline

    <%= @myhtmlcontent %>

Hope that helps,

Jeff Barczewski

On 8/15/06, Pieter Botha <pb.posbus@gmail.com> wrote:
> Hi
>
> I have a wysiwyg html editor in my app. How do I escape html written to the
> database and encoding when I display the content?
>
> Ty
> Pieter
>
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails

Tx Jeff

I want to store the html in the database and display it inline. I am using the tinymce plugin to do the wysiwyg, store it in the database and then it displays as <b>bold text</b> instead of inline.

Maybe I should use the 'h' helper when I store?

Anyway - I will play around a bit.

Tx.

On 8/15/06, Jeff Barczewski <jeff.barczewski@gmail.com> wrote:
> I'm not sure if I understand your question. However, if you want to
> display literally (not rendered) the actual html that was stored in
> the database then use the 'h' helper method to sanitize/escape it like
>
> This displays it literally without rendering the html (sanitized)
> <%= h @myhtmlcontent %>
>
> or this renders the html inline
> <%= @myhtmlcontent %>
>
> Hope that helps,
>
> Jeff Barczewski

Pieter,

OK. So if you want it to render inline you would do something like

    <%= @mycontent %>

but maybe the reason it isn't working for you is because what is ending up being saved in the database is already escaped, like < is saved as &lt;, > is &gt;...

So you may need to unescape the html either before you save it or before you output it. You can use the CGI class to do this

    require 'cgi'
    unescaped = CGI::unescapeHTML( escapedHtml )

Hope that helps,

Jeff

On 8/15/06, Pieter Botha <pb.posbus@gmail.com> wrote:
> Tx Jeff
>
> I want to store the html in the database and display it inline. I am using
> the tinymce plugin to do the wysiwyg, store it in the database and then
> it displays as <b>bold text</b> instead of inline.
>
> Maybe I should use the 'h' helper when I store?
>
> Anyway - I will play around a bit.
>
> Tx.

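Added example (not part of the original thread): the three cases discussed above in plain Ruby, using the standard library's CGI module in place of the Rails 'h' helper. The tag allowlist, the function names and the sample strings are assumptions made for this illustration; restoring only bare allowlisted tags after escaping is a swapped-in technique, not something the posters proposed.

```ruby
require 'cgi'

# Assumed allowlist of bare, attribute-free tags a WYSIWYG editor may emit.
ALLOWED_TAGS = %w[b i em strong p br ul ol li].freeze

# Equivalent of `<%= h value %>`: the markup is shown literally.
def display_literal(value)
  CGI.escapeHTML(value)
end

# Undo one layer of escaping when the editor or the save path already
# stored entities (&lt;b&gt;) instead of markup (<b>).
def stored_markup(db_value)
  CGI.unescapeHTML(db_value)
end

# Render inline: escape everything first, then restore only allowlisted
# tags that carry no attributes. Anything else stays visible as text.
def render_inline(markup)
  CGI.escapeHTML(markup).gsub(%r{&lt;(/?)([a-z0-9]+)\s*(/?)&gt;}i) do |match|
    closing, tag, self_closing = $1, $2.downcase, $3
    ALLOWED_TAGS.include?(tag) ? "<#{closing}#{tag}#{self_closing}>" : match
  end
end

# Constructed sample: what the database holds after an escaped save.
db_value = '&lt;b&gt;bold text&lt;/b&gt;&lt;script&gt;alert(1)&lt;/script&gt;'
markup = stored_markup(db_value)

puts display_literal(markup)
puts render_inline(markup)
```

Unescaping the stored value and printing it with a bare `<%= %>` would render the script element as well; the allowlist step is what keeps inline rendering limited to formatting tags.
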
Tx Jeff

Will give it a bash and post my experience. Stuck in authentication at the mo!

Cheers.

Pieter.

On 8/16/06, Jeff Barczewski <jeff.barczewski@gmail.com> wrote:
> Pieter,
>
> OK. So if you want it to render inline you would do something like
>
> <%= @mycontent %>
>
> but maybe the reason it isn't working for you is because what is
> ending up being saved in the database is already escaped, like < is
> saved as &lt;, > is &gt;...
>
> So you may need to unescape the html either before you save it or
> before you output it. You can use the CGI class to do this
>
> require 'cgi'
> unescaped = CGI::unescapeHTML( escapedHtml )
>
> Hope that helps,
>
> Jeff