search for: html_safe

Just trying to implement a simple helper over the past few days had me really confused. messages = '''' messages << content_tag(:p, ''dave'') #=> &lt;p&gt;dave&lt;\p%;gt; Eventually I realised the original empty string was not html_safe message = ''''.html_safe message << content_tag(:p, ''dave'') #=> <p>dave</p> Is this intentional behavour? -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this gr...

hello, I have today updated my rails app to 3.0.4 security release but now this yield :javascripts fails in the layout and I get my custom js escaped as text in the view. anybody seeing this also? tia, jk -- www.least-significant-bit.com -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to

...l patch to make Rails behave properly with the Erubis <%== %> construct. For some reason the current behaviour of that tag in Rails 3 is to escape the contents _twice_ which is probably a bug. I offer three suggestions why this is a good idea: - The syntax is cleaner. It can avoid a lot of .html_safe and raw in your views. I especially like the conciseness of <%=== ''<b>Alert</b>'' if level<0 %> better then the alternative with .html_safe. - It performs slightly better since it saves a method call and we can concat a String directly instead of coercing ever...

This seems very simple, but I can''t quite get it. Probably because I''m just starting out with RoR. My view has a slew of labels and text fields; many are "required": <%= f.text_field :screen_name %> <span class="required_field">Required field</span> (The "required_field" class turns the text red and smaller.) I''d like to

Hi, Can somebody update me on the state of html_safe strings in rails 2.3.8? I know rails 2.3.6 and 2.3.7 broke a lot of code because strings were being escaped when they shouldn''t have been and I thought this was all fixed in 2.3.8. I''m upgrading an app from 2.3.5 to 2.3.8 and there are many spots where previous code was output c...

...arrange(:order => :created_at) %> and the following helper method module MessagesHelper def nested_messages(messages) messages.map do |message, sub_messages| render(message) + content_tag(:div, nested_messages(sub_messages), :class => "nested_messages") end.join.html_safe end end I tried the same and it works fine. My Question ist, how do I can force the helper to render in a different partial like ''_old_message'' or something else. I tried a lot but everytime the helper render the _message.html.erb partial. Thanks ahead for any help! Regs Her...

If a model doesn''t pass validation the field in the view is put under a <div class="field_with_errors">. But who create that div? field_text helper do it? -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

...> <% if !tran.ticket_code.nil? && tran.ticket_code.present?%><%tran_code = tran.ticket_code%><%else%><%tran_code = "-"%><%end%> <%- row = [ tran_id, tran_actid, tran_actname, cus_name, tran_code ] -%> <%#= CSV.generate_line(row).html_safe.strip%> <%end%> <%else%> Sorry we found no results <%end%> now i got 5 extra empty rows how can avoid the empty rows. thanks for advance. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe f...

...well, I get this error: ActionView::Template::Error (Cannot modify SafeBuffer in place): When passing a string to this function (in application_helper.rb) through a simple: <%= format_me(article[shortdesc])%> def format_me(text, html_options={}, options={}) text = ''''.html_safe if text.nil? start_tag = tag(''p class=grey'', html_options, true) text = sanitize(text) unless options[:sanitize] == false text.gsub!(/\r\n?/, "\n") # \r\n and \r -> \n text.gsub!(/\n\n+/, "</p><br />\n\n#{start_tag}&...

How to get current binding in a partial (to use helpers and local variables in erb script)? When I invoke result whithout binding, = ERB.new("script").result.html_safe all work (without vars are needed), but when I write = ERB.new("script").result(binding).html_safe (in HAML HTML partial), THE PARTIAL''S REST OF OUTPUT IS CLEAR. What is the problem? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are su...

...The helper is: def flash_helper f_names = [:success] fl = '''' for name in f_names if flash[name] fl = fl + "<div class=\"notice\">#{flash[name]}</div>" end flash[name] = nil; end return fl.html_safe end [/code] Like I said the flash message works just fine however the test fails any ideas would be greatly appreciated. Hope all is well :) -- Posted via http://www.ruby-forum.com/.

...ef flash_messages messages = [] %w(notice warning error).each do |msg| messages << content_tag(:div, content_tag(:p, html_escape(flash[msg.to_sym])), :class => "message #{msg}") unless flash[msg.to_sym].blank? end messages end I am not sure how to make it html_safe so that Rails 3 renders it properly. No problems with Rails 2.3.8, but I had to mark the entire method "safe_method" using rails_xss plugin. Is there a rule to doing this kind of view sanitization? Thanks. Bharat -- Posted via http://www.ruby-forum.com/. -- You received this messa...

Does anyone know how to override the <div class="fieldWithErrors"> behaviour when a form field is incorrect? Thanks, Dan

Have been developing on 3.0.0beta4 and just updated to 3.0.0.rc. When I try to link_to() a User object that previously had worked, I get the following: ActionView::Template::Error (No route matches {:action=>"destroy", :controller=>"games", :id=>#<User ..... > Yet I have in my routes.rb file has resources :users and my "rake routes" shows:

Hi, I''m working to patch actionpack/lib/action_view/helpers/ cache_helper.rb so that it doesn''t throw when ouput_buffer isn''t ActionView::OutputBuffer but is still html_safe. In 3-0-stable the function contains the following if: if output_buffer.is_a?(ActionView::OutputBuffer) safe_output_buffer = output_buffer.to_str fragment = safe_output_buffer.slice!(pos..-1) self.output_buffer = ActionView::OutputBuffer.new(safe_outpu...

Same problem here but solved! hopefully this is helpful. Solution was to watch Ryan Bates Railscast on Rails 3 XSS, and then to ensure any strings being sent out by my form and custom helpers was HTML Safe => Just look for where the helpers are rendering tags and string and add the ".html_safe" method on the end. Hope this is helpful -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group...

Having problems rendering javascript in erb file. Thanks for suggestions. //layout erb file (function() { ... var widget_properties = {}; <%= content_for?(:extend_widget) ? "widget_properties = " + yield(:extend_widget) : '''' %> ... })(); //view erb file <% content_for :extend_widget do %> extend = { _init: function() {

...tag(:li, "") end end and using it as <%= data_list_for @leads, [" :10", "Age:30", "Contact:140", "Phone: 140", "Email:180", "Company:100", ""] do |l| %> <%= l.column { |c| link_to "&nbsp;".html_safe, "leads/details/ #{c.object.id}", :class=>:plus, :remote=>true } %> <%= l.column { |c| c.object.age } %> <%= l.column { |c| c.object.contact.complete_name } %> <%= l.column { |c| c.object.contact.phones.blank? ? "-" : c.object.contact.phones.f...

...s = {}) options, collection = collection, nil if collection.is_a? Hash # Taken from original will_paginate code to handle if the helper is not passed a collection object. collection ||= infer_collection_from_controller options[:renderer] ||= BootstrapLinkRenderer super.try :html_safe end ............. So when I call will_paginate it''s rendered using BootstrapLinkRenderer. I want to rename the method name will_paginate in, for example bootstrap-will_paginate, so that I can use will_paginate with its own render and bootstrap-will_paginate with BootstrapLinkRenderer....

_form.html.haml = f.label :Select_Brand, "Select_Brand<em>*</em>".html_safe = collection_select(:brand_name, :brand_id, Brand.all, :id, :name, :prompt => "Select a Brand" ) show.html.haml file %table %tr %td Brand_Name : %td = @message.brand_id After writing this code I am not able to see the brand name. Its not giving any error but...