Hi!

Okay, so let's start I'm starting rails so here's a noob question for you!

I did a little blog with scaffolding. Everything is working as expected but I'd like to modify its functionality.

I've been a PHP developer for ages and I'm currently using symfony for almost a year. It's a PHP framework that works in some way like rails.

In my little blog I, sometimes, enter ruby codes with HTML tags (<>) but as there's nothing to convert them to html entities they are not showing up on the page.

As you can see on http://rails.tbergeron.com They are plain HTML tags in my html layout.

So here's what I'd like to do:
I'd like to override my model's save method to put something like h() around my text so html could be converted to entities.

Could you help? That'd be awesome!

Thanks a lot!

On Aug 15, 1:32 am, Tommy Bergeron <t.berge...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hi!
>
> Okay, so let's start I'm starting rails so here's a noob question for
> you!
>
> I did a little blog with scaffolding. Everything is working as
> expected but I'd like to modify its functionality.
>
> I've been a PHP developer for ages and I'm currently using symfony for
> almost a year. It's a PHP framework that works in some way like rails.
>
> In my little blog I, sometimes, enter ruby codes with HTML tags (<>)
> but as there's nothing to convert them to html entities they are not
> showing up on the page.
>
> As you can see on http://rails.tbergeron.com They are plain HTML tags
> in my html layout.
>
> So here's what I'd like to do:
> I'd like to override my model's save method to put something like h()
> around my text so html could be converted to entities.

This sounds like a possible job for before_save. Personally though I'd store unsanitized text in the database and sanitize it when displaying (having escaped text in the database might make your editing bits rather more complicated).

Fred

>
> Could you help? That'd be awesome!
>
> Thanks a lot!

On Aug 15, 4:52 am, Frederick Cheung <frederick.che...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
[...]
> Personally though I'd
> store unsanitized text in the database and sanitize it when displaying
> (having escaped text in the database might make your editing bits
> rather more complicated).

Maybe. If you're just using plain text, then just store it plain in the database and escape it on output. However, if you want to allow HTML tags for formatting, then the database should contain HTML fragments and *not* be escaped on output. Either way, though, h() on before_save is probably a bad idea.

>
> Fred

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org
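
The trade-off discussed in this thread, as an added example that is not part of any poster's message: it compares escaping in a before_save-style hook with storing raw text and escaping on output, across one edit round trip. The class names, `edit_unchanged` and the sample string are hypothetical, plain Ruby objects stand in for the model, and the edit form is assumed to show the stored value verbatim.

```ruby
require "erb"

# h() in Rails views is ERB::Util.html_escape; use the stdlib version here.
def h(text)
  ERB::Util.html_escape(text)
end

# Approach asked about: escape in a before_save-style hook, print as stored.
class EscapeOnSavePost
  attr_reader :body

  def save(submitted)
    @body = h(submitted)
  end

  def render
    body
  end
end

# Approach suggested in the replies: store raw text, escape when displaying.
class EscapeOnOutputPost
  attr_reader :body

  def save(submitted)
    @body = submitted
  end

  def render
    h(body)
  end
end

# Assumption: the edit form shows the stored value verbatim and the user
# resubmits it without changes.
def edit_unchanged(post)
  post.save(post.body)
  post
end

# Constructed sample input.
RAW = "Use <b>tags</b> & more"

if __FILE__ == $PROGRAM_NAME
  [EscapeOnSavePost, EscapeOnOutputPost].each do |klass|
    post = klass.new
    post.save(RAW)
    puts "#{klass}: first view   #{post.render}"
    puts "#{klass}: after 1 edit #{edit_unchanged(post).render}"
  end
end
```

With escape-on-save, every resubmission escapes the already escaped text again, so the stored value drifts; with escape-on-output the database keeps the text as typed and every view escapes it exactly once.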