Rails - Dec 2011 - Convert html entities? Just use html_safe?

Hi!

I''m importing lots of products via XML. Some characters like the
swedish å,
ä, ö are encoded as å for instance. When I print it I just append 
.html_safe to make it appear correct.

Is this a good and safe approach or should I convert the characters in some 
other way?

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/mXZ315WUHdgJ.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

It depends.

If the strings are entered by the user you should stay away from using
html_safe because you open your application to html injection attacks.

If the strings come from a trusted source, it is OK to use html_safe.

On Dec 18, 5:50 pm, Linus Pettersson
<linus.petters...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Hi!
>
> I''m importing lots of products via XML. Some characters like the
swedish å,
> ä, ö are encoded as &aring; for instance. When I print it I just append
> .html_safe to make it appear correct.
>
> Is this a good and safe approach or should I convert the characters in some
> other way?
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.