similar to: ERROR: undefined method `h'' for ERB::Util:Module

The view file (eg. apps/views/items/list.rhrml) is still displayed even when the action is hidden (hide_action :list). How can I hide view file form being automatically displayed in this circumstance? thanks, jigar -- Posted via http://www.ruby-forum.com/.

when i run rake create_sessions_table, I get following output. tables donot get created and my application doesnot start. (in G:/rubysrc/blog) create db/migrate create db/migrate/001_add_sessions.rb info: the first time ran take everyting was fine, but now i have reinstalled ruby and rails and created the database, but i am unable to create session table with rake, please help.

I have a model with a attribute named "code". Every time i create an instance I want the "code" to be initialized by making a call to "generate_code" method. How do i initialize model attributes in rails ?? thanks for help. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are

When is it possible to set <script>while(true){}</script> as the value of project.name, what it the best way to escape the output of the following? <td><%= project.name %></td> Dennis Byrne -------------- next part -------------- An HTML attachment was scrubbed... URL: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060713/bbdedb86/attachment.html

Instead of continuing the thread hijack, I''ve started a new one.... Douglas Livingstone wrote: > 2006/1/22, Kevin Olbrich <kevin.olbrich@duke.edu>: >> >> You know, this has been bothering me a bit lately. If the point of >> doing an html escape on the output is to prevent security problems, >> wouldn''t it make sense for the default action on

I was trying to convert a some text with the (r) character it so it replaced character \xAE with &reg; h(@item.description) didn''t do anything. I need to use @item.description.grep(/\xAE/,''&reg;'') for it to work. I think the h() function should be able to do all the codes that are available. Regards Neil.

I tried running webrick in production mode with -e production option. I changed development database name so as to make sure webrick was running in production mode. Now I wanted to test my new 404.html page so I typed an invalid URL, I still get some routing error instead of my 404.html page. Why is this happening with webrick in production. I haven''t even changed any of the environment

Being new to testing and ruby, are there "standard" tests that can be done that test for things like cross site scripting and friends? If not, anyone have ideas on what I might do about testing those sorts of things? I''ll be using rails, also. Mike B. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging

I''m sure a real newbie question, but try searching for ''h'' in any search engine and you don''t get far. I am wondering what the h does in Ruby as in the code below: <%= h(truncate(product.description, 80)) %> -- Posted via http://www.ruby-forum.com/.

hello, I have today updated my rails app to 3.0.4 security release but now this yield :javascripts fails in the layout and I get my custom js escaped as text in the view. anybody seeing this also? tia, jk -- www.least-significant-bit.com -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to

Hello, Is there a common way of stripping html tags from a string? Right now I''m just calling gsub!(/<.*?>/, ''''), but with a background in PHP and always having used its strip_tags() method, I wonder if the Rails community has standardized this fairly common task with something a bit less simpleminded than my quick fix. Thanks! Zack -------------- next part

Hi Railers, For some time now I''ve been looking for a decent Rails equivalent of PHP''s "htmlentities" command, because ERB''s html_escape (or more commonly called as just "h", eg. <%=h @somevariable %> ) just doesn''t go far enough for me. Back in PHP land, I actually had an extended version of the htmlentities command to deal with

In web applications that have user generated content, it is clearly necessary to provide some ability to ''escape'' user generated text to avoid SQL injection, XSS, and other nasty attacks. The existing dogma on this point seems to favor escaping text as it comes out of the database, rather than doing it on the way in. I''m not sure that I understand the logic behind

I''ve submitted a small patch to make Rails behave properly with the Erubis <%== %> construct. For some reason the current behaviour of that tag in Rails 3 is to escape the contents _twice_ which is probably a bug. I offer three suggestions why this is a good idea: - The syntax is cleaner. It can avoid a lot of .html_safe and raw in your views. I especially like the conciseness of

ruby script/generate controller Tools::Search - ok in views/layouts/application.rhtml: <%= render_component :controller => ''tools/search'', :action => ''searchbox'', :params => {:context => ''header-section''} %> in

I have 2 pages that have almost the same content except for stuff in the middle. I''d basically like to have a sub-layout that wraps the content that is different - exactly the way a normal layout file would. How can I call into a layout inside of erb? I''d like to do something like this: <%= render :sub-layout => "reusable-wrapper" %>

Native ERB in ruby, and eruby, seem to lack the -%> feature for suppressing trailing newlines. Thus erb -n script gives errors. Where is Rails ERB so I can invoke it directly? Thank you Hugh

In the "Agile Web Development with Rails" book it runs through making an example application, a shopping cart. In one of the views files, there is one line of code I dont understand (below), I dont know what the "h" is for, also I took the h out, and it did not affect the application (as far as i could see). <%= h(product.title) %> Can anyone shed some light on this

Hi, I thought it would be fun to try to write a render method that uses erb for rending. I''m not much of a programmer, but I still like to try: module Test require ''erb'' def render(m) ERB.new(IO.read("templates/layout.html")).result(binding) do ERB.new(IO.read("templates/#{m}.html")).result(binding) end end end This

In the example application named "sample_app", comment.jerb contains the following line: $(''comments'').update(<%=js partial(:comments) %>); What does the ''js'' method do to/with, if anything at all, ''partial(:comments)''? Merb is quite fun to use and I''m starting to get a feel for it and ruby. I''m surprised at