Displaying 20 results from an estimated 30000 matches similar to: "html escape and migrating from rails 2 to rails 3"
2010 Aug 03
7
rails 2.3.8 and html_safe
Hi,
Can somebody update me on the state of html_safe strings in rails 2.3.8?
I know rails 2.3.6 and 2.3.7 broke a lot of code because strings were
being escaped when they shouldn't have been and I thought this was all
fixed in 2.3.8.
I'm upgrading an app from 2.3.5 to 2.3.8 and there are many spots where
previous code was output correctly and now it expects html_safe method
2011 May 13
2
Rails 3 Forces HTML Escape of Forms
I have a legacy application I ported from Rails 2.x. I found that the
escaping was occurring where it shouldn't, like in creation of forms,
and I couldn't turn it off. I found two mechanisms that should have
disabled it, a function safe_html, which is supposed to mark a string
as not needing to be escaped. The other is raw, which similarly
indicates that a string should be output
2010 May 17
6
Should an blank string be html_safe?
Just trying to implement a simple helper over the past few days had me
really confused.
messages = ''
messages << content_tag(:p, 'dave')
#=> <p>dave<\p%;gt;
Eventually I realised the original empty string was not html_safe
message = ''.html_safe
message << content_tag(:p, 'dave')
#=>
2010 Aug 17
3
Rails 3 flash message problems
The following code in my application_helper.rb class either eats the
flash message or escapes it and does not display properly:
# Outputs the corresponding flash message if any are set
def flash_messages
messages = []
%w(notice warning error).each do |msg|
messages << content_tag(:div, content_tag(:p,
html_escape(flash[msg.to_sym])), :class => "message
2011 Jul 15
3
Ruby variable that embeds html tags
This seems very simple, but I can't quite get it. Probably because I'm
just starting out with RoR.
My view has a slew of labels and text fields; many are "required":
<%= f.text_field :screen_name %> <span class="required_field">Required
field</span>
(The "required_field" class turns the text red and smaller.) I'd like
to
2010 Nov 05
9
[patch] Let's use <%== %> instead of <%= raw() %>
I've submitted a small patch to make Rails behave properly with the
Erubis <%== %> construct. For some reason the current behaviour of
that tag in Rails 3 is to escape the contents _twice_ which is
probably a bug.
I offer three suggestions why this is a good idea:
- The syntax is cleaner. It can avoid a lot of .html_safe and raw in
your views. I especially like the conciseness of
2010 May 25
0
Rails 2.3.8 Upgrade Mods
Same problem here but solved! hopefully this is helpful. Solution was
to watch Ryan Bates Railscast on Rails 3 XSS, and then to ensure any
strings being sent out by my form and custom helpers were HTML Safe =>
Just look for where the helpers are rendering tags and string and add
the ".html_safe" method on the end.
Hope this is helpful
--
You received this message because you are
2013 Nov 08
2
Export CSV
Hi friends,
I am using CSV export on my application. In my view file the code is
<%- headers = ["Transaction ID", "Activity ID", "Product Name","Customer
Name", "Ticket code"] -%>
<%= CSV.generate_line(headers).strip %>
<%if !@trans.nil? && @trans.length > 0 %>
<% @trans.each do |tran|%>
<% if
2005 Aug 23
2
HTML escape of umlauts
Cheers,
I work on a german site that obviously includes german words with umlauts in
its data.
It seems like the html_escape function (or simply h() function) will not
escape umlauts:
<%=h "ä" %>
Will not produce ä
What is the best way to do this?
Thanks,
Jonathan
--
Jonathan Weiss
http://blog.innerewut.de
2010 Oct 18
2
escape .c files to html code with bash how?
I need to encode .c files to html, like on this website:
http://centricle.com/tools/html-entities/
I tried to write a bash script for it:
http://pastebin.com/raw.php?i=mZKAw4c5
but it's not working very well :D
Does anyone have a script that does this?
thank you :\
2011 Aug 31
0
ERB and binding in template
How to get current binding in a partial (to use helpers and local
variables in erb script)?
When I invoke result without binding,
= ERB.new("script").result.html_safe
all work (without vars are needed), but when I write
= ERB.new("script").result(binding).html_safe
(in HAML HTML partial), THE PARTIAL'S REST OF OUTPUT IS CLEAR.
What is the problem?
2011 Jun 26
1
ActionView::Template::Error (Cannot modify SafeBuffer in place):
Hello,
Trying to upgrade an app that was running fine in 3.0.3 to 3.0.9 and
while everything works well, I get this error:
ActionView::Template::Error (Cannot modify SafeBuffer in place):
When passing a string to this function (in application_helper.rb)
through a simple: <%= format_me(article[shortdesc])%>
def format_me(text, html_options={}, options={})
text =
2011 Oct 05
3
Rails 3 Select_tag in javascript give missing ; error
When I write
var x = "<%= select_tag(:activity_group,
options_for_select(activity_grp),{:include_blank => 'Create New
Group', :style => 'width: 100px'}) %>";
where <% activity_grp = @activity_group.map { |ag| [ag.name,
ag.id] } %>
However, I get error (missing ; before statement) in Firebug because
var x = "<select
2011 Nov 01
2
Railscast 262 different partial in helper
Hi RoR Community,
in Ryan Bates Railscasts Episode #262 he put the index code
<% for message in @messages %>
<div class="message">
<div class="created_at"><%= message.created_at.strftime("%B %d, %Y")
%></div>
<div class="content">
<%= message.content %>
</div>
<div
2012 Nov 08
0
After order a HTML with JQuery UI Drag and Drop, save ordered table to DB using Rails
Hi guys
I'm doing a form with fields like name, email, phone, address, city,
state, etc.
Each field has a table in db.
I will use state field as an example:
In db I had table states with columns: position, name and acronym
In my View I had a HTML table with name and acronym, ordered by position
(when page loads). I can order my table using select box (order by name
or acronym) or
2010 May 25
1
Rails 2.3.8 still escaping html in strings
Hi All,
After a failed attempt to update to 2.3.7 yesterday I've tried again
today to upgrade to 2.3.8 and whilst most of the site is working I'm
still getting some content escaped.
I've got a helper method that takes a block and uses concat, it can
also take some content passed through in a parameter - if content is
passed in via the parameter then that is getting
2011 Feb 09
16
rails 3.0.4 broke yield :javascript ?
hello,
I have today updated my rails app to 3.0.4 security release but now this
yield :javascripts
fails in the layout and I get my custom js escaped as text in the view.
anybody seeing this also?
tia,
jk
--
www.least-significant-bit.com
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To post to this group, send email to
2012 Oct 13
2
How to include html tag inside rails label tag
Hello pls help me,
below is my code
<label
style="width:175px;text_align:left;float:left;font-weight:bold;font-size:13px;">Group
<font size="1" color="red">*</font></label>
How to write this html code inside label_tag of rails ????
am clear till <font size="1" color="red">*</font>...
2011 Mar 10
2
Trying to test flash messaging with rspec
Hello every one,
So this rspec test fails:
[code]
it "should have a welcome message" do
post :create, :user => @attr
response.flash[:success].should eql("Welcome new user!")
end
[/code]
However when I create a new user the flash message does display just as
I had wanted it to.
The controller has this in it:
[code]
def create
@user =
2013 Mar 06
2
Refresh a partial onClick using ajax call in rails 3.x
Hi All,
I want to refresh a partial onClick; onClick I am making an ajax call
and getting the data but i am unable to refresh the partial. here is the
code
IN views: home.html.erb
$(document).ready(function() {
var currentCellText;
$(".inline").click(function() {
currentCellText = $(this).text();
$.ajax({
type: 'GET',
dataType: "json",