Hello,
I'm trying to follow a book (www.RailsSpace.com). The book was made with an older version of Rails, but I'm using Rails 3. I've got a snippet of code in my application helper that is supposed to add a text field... It does, but it comes out as escaped TEXT on the webpage. Here is my helper method:

  def text_field_for(form, field,
                     size=HTML_TEXT_FIELD_SIZE,
                     maxlength=DB_STRING_MAX_LENGTH)
    label = content_tag("label", "#{field.humanize}:", :for => field)
    form_field = form.text_field field, :size => size, :maxlength => maxlength
    content_tag("div", "#{label} #{form_field}", :class => "form_row")
  end

Then the ERB:

  <%= text_field_for form, "first_name" %>

...and finally when it's rendered:

  <label for="first_name">First name:</label> <input id="spec_first_name" maxlength="255" name="spec[first_name]" size="15" type="text" value="" />

...which looks right, but it's escaped HTML text for some reason. Anyone know why?

Thanks,
- Jeff Miller

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

On Jan 30, 6:40 pm, Jeff Miller <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
> Hello,
> I'm trying to follow a book (www.RailsSpace.com). The book was made
> with an older version of Rails, but I'm using Rails 3. I've got a
> snippet of code in my application helper that is supposed to add a text
> field... It does, but it comes out as escaped TEXT on the webpage. Here
> is my helper method:
>
>   def text_field_for(form, field,
>                      size=HTML_TEXT_FIELD_SIZE,
>                      maxlength=DB_STRING_MAX_LENGTH)
>     label = content_tag("label", "#{field.humanize}:", :for => field)
>     form_field = form.text_field field, :size => size, :maxlength => maxlength
>     content_tag("div", "#{label} #{form_field}", :class => "form_row")
>   end
>
> Then the ERB:
>   <%= text_field_for form, "first_name" %>
>
> ...and finally when it's rendered:
>   <label for="first_name">First name:</label> <input id="spec_first_name" maxlength="255" name="spec[first_name]" size="15" type="text" value="" />
>
> ...which looks right, but it's escaped HTML text for some reason. Anyone
> know why?

Rails now has XSS protection built in. You need to tell Rails that the string you've constructed ("#{label} #{form_field}") is safe. One way of doing this is calling html_safe! on it.

Fred

>
> Thanks,
> - Jeff Miller
>
> --
> Posted via http://www.ruby-forum.com/.

  ...
  content_tag("div", "#{label} #{form_field}".html_safe!, :class => "form_row")
  ...

gives me the error: You can't call html_safe! on a String.

Obviously I'm doing this wrong... where should I place html_safe! ?

Thanks,
- Jeff Miller

Ah! I got it. Thanks for pointing me in the right direction!

On Jan 30, 2011, at 2:05 PM, Jeff Miller wrote:
> ...
> content_tag("div", "#{label} #{form_field}".html_safe!, :class => "form_row")
> ...
>
> gives me the error: You can't call html_safe! on a String.
>
> Obviously I'm doing this wrong... where should I place html_safe! ?
>
> Thanks,
> - Jeff Miller

It's just .html_safe (no ! on it)

-Rob

Rob Biedenharn
Rob-xa9cJyRlE0mWcWVYNo9pwxS2lgjeYSpx@public.gmane.org  http://AgileConsultingLLC.com/
rab-/VpnD74mH8+00s0LW7PaslaTQe2KTcn/@public.gmane.org  http://GaslightSoftware.com/
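
Added example, not part of the thread and not Rails' own code: a stdlib-only model of the safe-string mechanism discussed above. It shows why the interpolated string is escaped, and why marking the whole interpolated string safe also trusts any untrusted value inside it. `SafeHTML`, `tag` and the `row_*` helpers are hypothetical stand-ins, and the sample values are constructed.

```ruby
require "erb"

# Simplified stand-in for Rails' safe-string type (constructed for this
# example, not Rails' implementation): a String trusted to be HTML.
class SafeHTML < String
  def html_safe?
    true
  end

  # Appending escapes the other operand unless it is already marked safe.
  def +(other)
    SafeHTML.new(super(SafeHTML.escape(other)))
  end

  def self.escape(value)
    return value.to_s if value.respond_to?(:html_safe?) && value.html_safe?
    ERB::Util.html_escape(value.to_s)
  end
end

# Hypothetical stand-in for content_tag: the body is escaped unless safe.
def tag(name, body, attrs = {})
  attr_s = attrs.map { |k, v| %( #{k}="#{ERB::Util.html_escape(v)}") }.join
  SafeHTML.new("<#{name}#{attr_s}>#{SafeHTML.escape(body)}</#{name}>")
end

# As in the original helper: interpolation yields a plain String, so the
# markup that was already built gets escaped again.
def row_escaped(label, field)
  tag("div", "#{label} #{field}", class: "form_row")
end

# Blanket mark-as-safe: displays correctly, but trusts every interpolated value.
def row_blanket(label, field)
  tag("div", SafeHTML.new("#{label} #{field}"), class: "form_row")
end

# Concatenating onto a safe string keeps trusted parts and escapes the rest.
def row_concat(label, field)
  tag("div", SafeHTML.new("") + label + " " + field, class: "form_row")
end

LABEL = tag("label", "First name:", for: "first_name")   # trusted markup
FIELD = SafeHTML.new('<input name="spec[first_name]" type="text" />')
UNTRUSTED = "<script>x</script>"                          # constructed input
```

In a Rails helper, the counterpart of `row_concat` is to concatenate the helper outputs (`label + " " + form_field`) instead of interpolating them, which keeps escaping in force for anything that was not produced by a tag helper.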