similar to: html special characters. h() failure.

Displaying 20 results from an estimated 4000 matches similar to: "html special characters. h() failure."

2006 Jan 22
9
ERROR: undefined method `h' for ERB::Util:Module
ERROR: undefined method `h' for ERB::Util:Module I get the above error when I use ERB::Util.h(content) in my controller's action. Can anyone tell me how to use this 'h' method within a controller? Thanks, Jigar Gosar http://jigar.org -- Posted via http://www.ruby-forum.com/.
2011 Feb 09
16
rails 3.0.4 broke yield :javascript ?
hello, I have today updated my rails app to 3.0.4 security release but now this yield :javascripts fails in the layout and I get my custom js escaped as text in the view. anybody seeing this also? tia, jk -- www.least-significant-bit.com
2006 Sep 07
5
url_for always escape string.
According to the documentation, only the url_for from ActionView escapes the URL, which happens on this line: escape ? html_escape(url) : url and can be prevented by passing :escape => false to url_for. Still according to the documentation, the url_for from ActionController is not supposed to escape the URL. BUT IT DOES. At the moment of this line escape ? html_escape(url) : url url has
2006 Jul 13
4
script injection/cross-site scripting protection
When is it possible to set <script>while(true){}</script> as the value of project.name, what is the best way to escape the output of the following? <td><%= project.name %></td> Dennis Byrne
2005 Dec 29
3
What does 'h' do?
I'm sure a real newbie question, but try searching for 'h' in any search engine and you don't get far. I am wondering what the h does in Ruby as in the code below: <%= h(truncate(product.description, 80)) %>
2006 Jan 18
4
Ruby "htmlentities" replacement: code review please!
Hi Railers, For some time now I've been looking for a decent Rails equivalent of PHP's "htmlentities" command, because ERB's html_escape (or more commonly called as just "h", eg. <%=h @somevariable %> ) just doesn't go far enough for me. Back in PHP land, I actually had an extended version of the htmlentities command to deal with
2006 May 30
7
Stripping HTML tags from a string
Hello, Is there a common way of stripping html tags from a string? Right now I'm just calling gsub!(/<.*?>/, ''), but with a background in PHP and always having used its strip_tags() method, I wonder if the Rails community has standardized this fairly common task with something a bit less simpleminded than my quick fix. Thanks! Zack
2007 Dec 04
2
Bug: NoMethodError: private method `gsub' called for nil:NilClass
Hi there. I'm using RedCloth as part of a social network's blog system. I came across the following bug when an img tag with the src attribute is inputted, and filter_html is set to true. I have pasted the code sample below. >> require 'RubyGems' => true >> require 'RedCloth' => true >>
2006 Jan 25
4
html special char conversion
I've got stuck on such a problem: I have html entities in database, after using scaffold I've got these chars not converted (I have strictly " and & in page source). It is what I need, but after making ./script/generate scaffold modelname controllername (recreating controller) I've got all special chars converted into entities like (&quot and others). How can
2006 May 08
7
How to get difference between two dates in days???
Hi, I want to calculate difference between Current date & previous date (stored in database). The difference should be in days. How to do that?? Pls tell me. Thanx in advance. Prash
2006 Apr 20
4
JavaScriptGenerator Dead End
Hi All, I posted earlier about a problem I was having with the various remote view methods escaping all the javascript in my callbacks. I was quickly informed that that's just what they do, and offered some workarounds. However, in actually working with this, I'm finding that this one little thing is forcing me to write some REALLY ugly code. Where I thought I could
2015 Feb 10
3
[PATCH 1/3] generator: add a simple HTML escaping function
--- generator/utils.ml | 8 +++++++- generator/utils.mli | 3 +++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/generator/utils.ml b/generator/utils.ml index b24ba8c..3a62084 100644 --- a/generator/utils.ml +++ b/generator/utils.ml @@ -360,4 +360,10 @@ let args_of_optargs optargs = | OInt64 n -> Int64 n | OString n -> String n | OStringList n ->
2006 Jan 18
7
Inspect
I am seeing a curious anomaly with the inspect method. It displays one of the objects in a way I don't understand. I'll use the Recipes example to illustrate. First, I'll describe the recipes table, then show how the @recipe variable is being created in the controller and passed in to the show view, and then show how I'm using the
2006 Jan 24
14
engines
This page: http://www.rails-engines.org/download makes it sound like SVN is optional for using engines, but when I try to run the second command ("ruby script/plugin install engines"), I get the NoMethodError on nil as described in the second issue reported here: http://www.rails-engines.org/wiki/pages/Engines+plugin%3A+Known+Issues So, which is it? Do I have to have SVN installed
2006 Jan 31
19
Best Practices: Escaping text on input or output?
In web applications that have user generated content, it is clearly necessary to provide some ability to 'escape' user generated text to avoid SQL injection, XSS, and other nasty attacks. The existing dogma on this point seems to favor escaping text as it comes out of the database, rather than doing it on the way in. I'm not sure that I understand the logic behind
2006 Apr 08
5
What is the h for?
In the "Agile Web Development with Rails" book it runs through making an example application, a shopping cart. In one of the views files, there is one line of code I don't understand (below), I don't know what the "h" is for, also I took the h out, and it did not affect the application (as far as I could see). <%= h(product.title) %> Can anyone shed some light on this
2006 Mar 01
9
ajax doesn't show at the right place
Hi, I use link_to_remote to create a link to trigger an ajax, things work fine, a new rhtml is created, however, the newly created rhtml doesn't replace my old zone, it shows instead on top of my old zone...Does someone know why??? my code is like <table> <tr><td colspan="2"><a href="#" onclick="new Ajax.Updater('zone1',
2006 Feb 07
3
ActiveRecord for kirbybase?
I've found vague mentions of various attempts at creating an ActiveRecord adapter for the KirbyBase pure Ruby DBMS, but nothing which looks like it's actually working. Anyone know of such an adapter that is functional and available? b
2011 Apr 19
1
RSpec/Webrat Checking output is properly escaped
I want to test that the JSON response from a create action is sanitized properly, but rspec or webrat appears to be parsing the output into proper HTML chars instead of escaped characters. I have verified that it escapes properly in the regular browser json response. The relevant RSpec test code is: include ActionView::Helpers::TextHelper include ActionView::Helpers::UrlHelper it
2006 Jan 30
5
url for image in css
Hi, I'd like to call a background image for every item in a list. Something like div#nav li.submenu {background: url(dropmenu.gif) 95% 50% no-repeat;} the image is in public/images/dropmenu.gif Thanks, Peter