Say I have a hidden field inside a form which tells me which quote
character some file uses. The details are irrelevant, but I need to have a
string value that could have a double quote. Assume we have a variable
@quote_char = ''"''
Now, in the view, I try all of these
<input type=''hidden''
name=''quote_char'' value=<%=
html_escape(@quote_char) %> >
<input type=''hidden''
name=''quote_char'' value="<%=
html_escape(@quote_char) %>" >
<input type=''hidden''
name=''quote_char'' value="<%= @quote_char %>"
>
<input type=''hidden''
name=''quote_char'' value=<%= @quote_char.inspect %>
>
<%= hidden_field_tag :quote_char, @quote_char %>
None of these give well-formed HTML that was interpreted correctly by the
browser. The only one that seemed to work was
<input type=''hidden''
name=''quote_char'' value=<%=
html_escape(@quote_char).inspect %> >
which gave
<input type=''hidden''
name=''quote_char'' value=""" >
So what exectly is the correct way to handle strings possibly containing
quotes in views. Obviously the string may or may not contain said quotes
every time the view is generated so there should be a general way to handle
this with some helper function, etc.
Thanks!
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/LanotYBTLPgJ.
For more options, visit https://groups.google.com/groups/opt_out.
On Thu, Mar 21, 2013 at 4:27 PM, Y S <yusuhail-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Say I have a hidden field inside a form which tells me which quote character > some file uses. The details are irrelevant, but I need to have a string > value that could have a double quote. Assume we have a variable > > @quote_char = ''"'' > > Now, in the view, I try all of these > > <input type=''hidden'' name=''quote_char'' value=<%> html_escape(@quote_char) %> > > <input type=''hidden'' name=''quote_char'' value="<%> html_escape(@quote_char) %>" > > <input type=''hidden'' name=''quote_char'' value="<%= @quote_char %>" > > <input type=''hidden'' name=''quote_char'' value=<%= @quote_char.inspect %> >> > <%= hidden_field_tag :quote_char, @quote_char %> > > None of these give well-formed HTML that was interpreted correctly by the > browser. The only one that seemed to work was > <input type=''hidden'' name=''quote_char'' value=<%> html_escape(@quote_char).inspect %> > > which gave > <input type=''hidden'' name=''quote_char'' value=""" > > > So what exectly is the correct way to handle strings possibly containing > quotes in views. Obviously the string may or may not contain said quotes > every time the view is generated so there should be a general way to handle > this with some helper function, etc.Going into the Rails console, perhaps you can see what is happening: Loading development environment (Rails 3.1.3) 1.9.3p194 :001 > qc = ''"'' => "\"" (the next line loads up the ERB utilities, including html_escape) 1.9.3p194 :002 > include ERB::Util => Object (Just calling the function is like html_escape(qc).inspect) 1.9.3p194 :003 > html_escape(qc) => """ (To be more like what is happening in your erb file, let''s print it) 1.9.3p194 :005 > puts html_escape(qc) " => nil So seeing that, it''s probably obvious why your call with .inspect worked -- it emitted the double quote marks around the content, which is one of the things .inspect does. But to just put it into the erb file embedded in html, all you should need to do is: <input type=''hidden'' name=''quote_char'' value=''<%= html_escape(@quote_char) %>'' > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Thank you! I just had a couple of questions: How should we approach the problem is the tab character is to be included in the string. For example, <% c = ''\t'' %> <input type=''hidden'' name=''char'' value=''<%=html_escape(c) %>'' > just shows the tab as a space. Also, shouldn''t Rails helper tags use single quotes since they work in both cases: <% c1 = "''" %> <input type=''hidden'', name=''char1'' value=''<%= html_escape(c1) %>''> <% c2 = ''"'' %> <input type=''hidden'', name=''char2'' value=''<%= html_escape(c2) %>''> Thanks! I really appreciate the discussion. On Thursday, March 21, 2013 7:29:28 PM UTC-4, tamouse wrote:> > On Thu, Mar 21, 2013 at 4:27 PM, Y S <yusu...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org <javascript:>> > wrote: > > Say I have a hidden field inside a form which tells me which quote > character > > some file uses. The details are irrelevant, but I need to have a string > > value that could have a double quote. Assume we have a variable > > > > @quote_char = ''"'' > > > > Now, in the view, I try all of these > > > > <input type=''hidden'' name=''quote_char'' value=<%= > > html_escape(@quote_char) %> > > > <input type=''hidden'' name=''quote_char'' value="<%= > > html_escape(@quote_char) %>" > > > <input type=''hidden'' name=''quote_char'' value="<%= @quote_char %>" > > > <input type=''hidden'' name=''quote_char'' value=<%= @quote_char.inspect > %> > >> > > <%= hidden_field_tag :quote_char, @quote_char %> > > > > None of these give well-formed HTML that was interpreted correctly by > the > > browser. The only one that seemed to work was > > <input type=''hidden'' name=''quote_char'' value=<%= > > html_escape(@quote_char).inspect %> > > > which gave > > <input type=''hidden'' name=''quote_char'' value=""" > > > > > So what exectly is the correct way to handle strings possibly containing > > quotes in views. Obviously the string may or may not contain said quotes > > every time the view is generated so there should be a general way to > handle > > this with some helper function, etc. > > Going into the Rails console, perhaps you can see what is happening: > > Loading development environment (Rails 3.1.3) > 1.9.3p194 :001 > qc = ''"'' > => "\"" > > (the next line loads up the ERB utilities, including html_escape) > > 1.9.3p194 :002 > include ERB::Util > => Object > > (Just calling the function is like html_escape(qc).inspect) > > 1.9.3p194 :003 > html_escape(qc) > => """ > > (To be more like what is happening in your erb file, let''s print it) > > 1.9.3p194 :005 > puts html_escape(qc) > " > => nil > > So seeing that, it''s probably obvious why your call with .inspect > worked -- it emitted the double quote marks around the content, which > is one of the things .inspect does. > > But to just put it into the erb file embedded in html, all you should > need to do is: > > <input type=''hidden'' name=''quote_char'' value=''<%= html_escape(@quote_char) > %>'' > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/Nu09sfGEYc4J. For more options, visit https://groups.google.com/groups/opt_out.
On Mon, Mar 25, 2013 at 2:58 PM, Y S <yusuhail-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> How should we approach the problem is the tab character is to be included in > the string. For example, > > <% c = ''\t'' %> > <input type=''hidden'' name=''char'' value=''<%=html_escape(c) %>'' > > just shows the tab as a space.The tab char (\t) is not converted by html_escapes() as far as I know; if you want to make it an HTML-ish entity, you''re probably going to have to encode that yourself (it''s  , btw). Even so, I''m not sure what the value of that would be, as it doesn''t actually seem to fill up any space in an input text box.> Also, shouldn''t Rails helper tags use single quotes since they work in both > cases: > <% c1 = "''" %> > <input type=''hidden'', name=''char1'' value=''<%= html_escape(c1) %>''> > > <% c2 = ''"'' %> > <input type=''hidden'', name=''char2'' value=''<%= html_escape(c2) %>''>In both cases, the characters c1 and c2 are being converted to HTML entities, ' and " respectively, and no longer contain and sort of "quoteness" (if you''ll permit) in the HTML context they get rendered in. I''m not about to say anything regarding which quoting should be policy; in fact I''ll argue strenuously against any such policy.> Thanks! I really appreciate the discussion.My pleasure! -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.