search for: html_escap

Displaying 20 results from an estimated 34 matches for "html_escap".

Did you mean: html_escape
2006 Jan 27
10
html special characters. h() failure.
I was trying to convert some text with the (r) character it so it replaced character \xAE with ® h(@item.description) didn't do anything. I need to use @item.description.grep(/\xAE/,'®') for it to work. I think the h() function should be able to do all the codes that are available. Regards Neil.
2006 Sep 07
5
url_for always escape string.
According to the documentation, only the url_for from ActionView escapes the URL, which happens on this line: escape ? html_escape(url) : url and can be prevented by passing :escape => false to url_for. Still according to the documentation, the url_for from ActionController is not supposed to escape the URL. BUT IT DOES. At the moment of this line escape ? html_escape(url) : url url has already been escaped by the u...
2006 Jan 13
1
h() aka. html_escape in controller code?
Hi. In controller code I'm doing things like: flash[:success] = "Customer #{@customer.name} has been deleted." I know how to escape html in views by using the h() method. How can I do the same thing here in the controller? Thanks, Zack
2006 Jan 18
7
Inspect
I am seeing a curious anomaly with the inspect method. It displays one of the objects in a way I don't understand. I'll use the Recipes example to illustrate. First, I'll describe the recipes table, then show how the @recipe variable is being created in the controller and passed in to the show view, and then show how I'm using the
2006 Jan 18
4
Ruby "htmlentities" replacement: code review please!
Hi Railers, For some time now I've been looking for a decent Rails equivalent of PHP's "htmlentities" command, because ERB's html_escape (or more commonly called as just "h", eg. <%=h @somevariable %> ) just doesn't go far enough for me. Back in PHP land, I actually had an extended version of the htmlentities command to deal with all kinds of crazy characters that appear if you copy and paste into a CMS...
2011 Feb 09
16
rails 3.0.4 broke yield :javascript ?
hello, I have today updated my rails app to 3.0.4 security release but now this yield :javascripts fails in the layout and I get my custom js escaped as text in the view. anybody seeing this also? tia, jk -- www.least-significant-bit.com
2006 Jan 22
9
ERROR: undefined method `h' for ERB::Util:Module
ERROR: undefined method `h' for ERB::Util:Module i get above error when i use ERB::Util.h(content) in my controller's action. can anyone tell me how to use this 'h' method within controller? thanks, Jigar Gosar http://jigar.org -- Posted via http://www.ruby-forum.com/.
2005 Dec 29
3
What does 'h' do?
I'm sure a real newbie question, but try searching for 'h' in any search engine and you don't get far. I am wondering what the h does in Ruby as in the code below: <%= h(truncate(product.description, 80)) %> -- Posted via http://www.ruby-forum.com/.
2006 May 30
7
Stripping HTML tags from a string
Hello, Is there a common way of stripping html tags from a string? Right now I'm just calling gsub!(/<.*?>/, ''), but with a background in PHP and always having used its strip_tags() method, I wonder if the Rails community has standardized this fairly common task with something a bit less simpleminded than my quick fix. Thanks! Zack
2006 Jan 25
4
html special char conversion
I'm stuck on this problem: I have html entities in database, after using scaffold I've got these chars not converted (I have strictly " and & in page source). It is what I need, but after making ./script/generate scaffold modelname controllername (recreating controller) I've got all special chars converted into entities like (&quot and others). How can
2005 Aug 23
2
HTML escape of umlauts
Cheers, I work on a German site that obviously includes German words with umlauts in its data. It seems like the html_escape function (or simply h() function) will not escape umlauts: <%=h "ä" %> Will not produce &auml; What is the best way to do this? Thanks, Jonathan -- Jonathan Weiss http://blog.innerewut.de
2006 Jul 13
4
script injection/cross-site scripting protection
When is it possible to set <script>while(true){}</script> as the value of project.name, what is the best way to escape the output of the following? <td><%= project.name %></td> Dennis Byrne
2015 Feb 10
3
[PATCH 1/3] generator: add a simple HTML escaping function
...or/utils.ml b/generator/utils.ml index b24ba8c..3a62084 100644 --- a/generator/utils.ml +++ b/generator/utils.ml @@ -360,4 +360,10 @@ let args_of_optargs optargs = | OInt64 n -> Int64 n | OString n -> String n | OStringList n -> StringList n - ) optargs; + ) optargs + +let html_escape text = + let text = replace_str text "&" "&amp;" in + let text = replace_str text "<" "&lt;" in + let text = replace_str text ">" "&gt;" in + text diff --git a/generator/utils.mli b/generator/utils.mli index 5fd4...
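Review bot: html_escape in generator/utils.ml replaces only &, < and >, and leaves the double and single quote characters untouched, so its output is safe as element text but not inside a quoted attribute value. Either add replacements for the two quote characters after the existing three, or state in the utils.mli declaration that the function is meant for text content only. The ordering is right as written: & is replaced first, so the entities produced by the later replacements are not escaped a second time.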
2006 Apr 20
4
JavaScriptGenerator Dead End
Hi All, I posted earlier about a problem I was having with the various remote view methods escaping all the javascript in my callbacks. I was quickly informed that that's just what they do, and offered some workarounds. However, in actually working with this, I'm finding that this one little thing is forcing me to write some REALLY ugly code. Where I thought I could
2006 Apr 28
2
outputing table data
Hi, Just come across this problem, and just can't find out what is wrong with it, if anyone has any suggestions it would be good. in my projects_controller.rb I have def list @project_pages, @projects = paginate :projects, :per_page => 10 end and the list.rhtml file I have <table> <tr> <th>Name</th> <th>Actions</th>
2006 Mar 15
1
RSS <description> problem
I recently built an RSS feed in Ruby, and it seemed to work fine. Now, when I generate my xml file, I'm getting an error because of an invalid character. The character is a simple apostrophe on the word >> I'm << Is there something that I should be doing for this? Like, specify a certain encoding, or inside of my <description></description> tags,
2006 Jan 06
2
Problems passing un-sanitized XML to client
I'm trying to store an xsl stylesheet in the database and return it to the client, but at some point in the process all the angle brackets, etc are parsed out of the xml, so I get &lt;defaults&gt; instead of <defaults>. Anyone have any pointers how I would go about turning off that behavior? -Derek
2006 Jan 22
0
Escaping and Unescaping text in ERb
...<kevin.olbrich@duke.edu>: >> >> You know, this has been bothering me a bit lately. If the point of >> doing an html escape on the output is to prevent security problems, >> wouldn't it make sense for the default action on outputting data for it >> to be html_escape'd? >> > > Hmm, I think that it would just add confusion: > > Example: <%= link_to :action => 'something' %> > > That would then output escaped HTML, rather than a link. > > Douglas Yes, that would be a problem using the current...
2005 Dec 30
0
Unescaped selection options
Been having a tough time finding any info on this subject (somewhat surprising actually). Looking thru the code, Rails automatically html_escape's all option values and while this is generally good, I have some categories that have HTML embedded in them and therefore am looking for a way to turn this off. So far I have found none and am writing my own code to do this. If anyone knows of anything already existing, I would appre...
2011 Apr 19
1
RSpec/Webrat Checking output is properly escaped
I want to test that the JSON response from a create action is sanitized properly, but rspec or webrat appears to be parsing the output into proper HTML chars instead of escaped characters. I have verified that it escapes properly in the regular browser json response. The relevant RSpec test code is: include ActionView::Helpers::TextHelper include ActionView::Helpers::UrlHelper it