In the "Head First Rails" book, it mentions that "h" in <%=h...%> is a helper method.

Can someone describe what that means? And, when should I use <%=h...%>? Is it when I want the result to be displayed on my view for example?

Thanks.

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Abder-Rahman Ali wrote:
> In the "Head First Rails" book, it mentions that "h" in <%=h...%> is a
> helper method.
>
> Can someone describe what that means? And, when should I use <%=h...%>?
> Is it when I want the result to be displayed on my view for example?
>
> Thanks.

Hi,

I know the use of <%=h...%> is to show the html tags:

Consider the following example:

@a= "hi how are <br/>you."
<%= @a %> #=> hi how are you.
<%=h @a %> #=> hi how are <br/>you.

Regards,
Saurabh

On 21 Jul 2010, at 01:56, Abder-Rahman Ali wrote:
> In the "Head First Rails" book, it mentions that "h" in <%=h...%> is a
> helper method.
>
> Can someone describe what that means? And, when should I use <%=h...%>?
> Is it when I want the result to be displayed on my view for example?

h is short for html_escape. You'll probably end up using it nearly every time you display user entered data (or you may be at the risk of xss attacks). From rails 2.3.8 there's a different way of handling this - strings have a notion of whether they are safe or not

Fred

>
> Thanks.

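Added example, not part of the original thread and not Rails' own code: a stand-alone Ruby sketch using the standard library's ERB and ERB::Util to show what h (html_escape) changes when user-entered data is rendered. The CommentView class, the render_view helper and the sample inputs are constructed for illustration.

```ruby
require "erb"

# Stand-in for a Rails 2-era view: plain ERB does not escape <%= %> output,
# so the template has to call h (ERB::Util#html_escape) itself.
class CommentView
  include ERB::Util # provides h / html_escape to the template binding

  RAW     = ERB.new('<p><%= @body %></p>')
  ESCAPED = ERB.new('<p><%= h @body %></p>')
  ATTR    = ERB.new('<input name="q" value="<%= h @body %>">')

  def initialize(body)
    @body = body
  end

  # Evaluate the template with this object's instance variables and helpers.
  def render(template)
    template.result(binding)
  end
end

# Hypothetical helper: render one template with one user-supplied string.
def render_view(template, body)
  CommentView.new(body).render(template)
end

# Constructed sample inputs.
MARKUP = "hi how are <br/>you."                 # the string used in the thread
SCRIPT = "<script>/* attacker-controlled */</script>"
QUOTED = %q(Tom "T" O'Neil & co)                # quotes matter in attributes

if __FILE__ == $PROGRAM_NAME
  [MARKUP, SCRIPT].each do |input|
    # raw: the browser interprets the markup; escaped: it is shown as text
    puts "raw:     #{render_view(CommentView::RAW, input)}"
    puts "escaped: #{render_view(CommentView::ESCAPED, input)}"
  end
  # h also escapes " and ', so the value cannot close the attribute early
  puts "attr:    #{render_view(CommentView::ATTR, QUOTED)}"
end
```
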
Frederick Cheung wrote:
> On 21 Jul 2010, at 01:56, Abder-Rahman Ali wrote:
>
>> In the "Head First Rails" book, it mentions that "h" in <%=h...%> is a
>> helper method.
>>
>> Can someone describe what that means? And, when should I use <%=h...%>?
>> Is it when I want the result to be displayed on my view for example?
>
> h is short for html_escape. You'll probably end up using it nearly every
> time you display user entered data (or you may be at the risk of xss
> attacks). From rails 2.3.8 there's a different way of handling this -
> strings have a notion of whether they are safe or not
>
> Fred

Thanks a lot everyone for your replies.

Fred, can you just clarify?

- html_escape
- XSS attacks

Thanks a lot.

On Jul 21, 9:37 am, Abder-Rahman Ali <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
>
> Fred, can you just clarify?
>
> - html_escape

http://api.rubyonrails.org/classes/ERB/Util.html#M000138

> - XSS attacks

that's a huge topic - http://lmgtfy.com/?q=XSS+attacks

Fred

Frederick Cheung wrote:
> On Jul 21, 9:37 am, Abder-Rahman Ali <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
>>
>> Fred, can you just clarify?
>>
>> - html_escape
> http://api.rubyonrails.org/classes/ERB/Util.html#M000138
>
>> - XSS attacks
>
> that's a huge topic - http://lmgtfy.com/?q=XSS+attacks
>
> Fred

Thanks Fred.