Hi guys, My start_form_tag generated form will not accept a text field containing an ampersand. For example, the text ''A & B'' is trunacted to ''A'' in the param hash. I know ampersands have to be encoded in URLs, but I''m surprised my form has a problem with this. I''ve tested this in Safari and Firefox. thanks Lindsay -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
It turns out start_form_tag isn''t the issue... I''ve traced the problem down to an observe_field. The value being sent by the AJAX call is ''A '' - the ''&B'' isn''t sent, as one would expect. So, how can I escape the value to send the ''&'' as an ''&''? I''ve tried '':method => post'' but that doesn''t help either. Lindsay -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
I know that the function h(string) strips a string and converts all escape characters into their html-code equivalents. so: h "A & B" will return "A &amp; B" or h "A < B" returns "A < B" I hope this helps, it''s one of the few things I know! Sebastian Wolf On Feb 6, 3:55 pm, Lindsay Boyd <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> It turns out start_form_tag isn''t the issue... > > I''ve traced the problem down to an observe_field. The value being sent > by the AJAX call is ''A '' - the ''&B'' isn''t sent, as one would expect. So, > how can I escape the value to send the ''&'' as an ''&''? I''ve tried > '':method => post'' but that doesn''t help either. > > Lindsay > > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Hi Lindsay, Hi Lindsay, Lindsay Boyd wrote:> how can I escape the value to send the ''&'' > as an ''&''?The problem, in general terms, is about accepting non-text input from users. It''s dangerous. Here''s a link to get you started. http://www.sitepoint.com/blogs/2004/03/26/handling-content-from-strangers/ hth, Bill --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---