i have this in my database :
<p><u>kkkkkkkkkkkkkkkk </u><strong>kknk </strong></p>
When i want to display my database content, this code isn't interpreted as html.
It is just displayed as text. i would like this content to be interpreted. (so will give a bold text, an underlined word etc..).
just put:
<%=content.html_safe%>
Here are a bit more ways:
<%= raw content %>
<%= h content %>
<%= content.html_safe %>
and a comparison:
raw vs. html_safe vs. h to unescape html
Related
I am using Grover to convert HTML pages to PDF, which leverages Puppeteer for Google Chrome. I have a bunch of Ruby on Rails partials that I am cycling through and rendering, and I am inserting a page break between each partial render. However, I noticed that my page break is a p element, and sometimes if the text on the page extends all the way to the bottom of the page by the footer, then the p element ends up being on the next page, followed by the page break. This causes a blank page.
Here's what I'm using as a page break:
<p style="page-break-after: always;"> </p>
I think this is what's happening:
If I adjust the footer margins to be smaller, then it works fine (because the p element has more room on the existing page), but I constantly have to tweak this footer margin.
This is what my Rails code looks like:
<% items.each do |item| %>
<% unless item == items[0] %>
<p style="page-break-after: always;"> </p>
<% end %>
<%= render partial: "common/report_templates/shared/item" %>
<% end %>
I have been trying to find something about embedding HTML code inside a partial argument for days but I have not found anything so I'm guessing it isn't possible. But it seems like it should be.
I have a static page in my Rails app which has a lot of sections and each section can have subsections. I could just make the entire page just plain HTML. But I didn't want to repeat the same formatting over and over in case I want to change classes or something else.
So I have the following _section.html.erb partial file:
<div class="row">
<h4><%= heading %></h4>
<% subsections.each do |section| %>
<% if section[:header] %>
<h5 class="primary-text"><%= section[:header] %></h5>
<% end %>
<p><%= section[:body] %>
<% end %>
</div>
That works fine. But what if I want to include a link to a page or an email inside one of the subsections? It doesn't work just by passing it in as part of the quotes text. It shows the actual HTML tags.
Is there a real way to do this or should I give up and just write plain HTML with repeated section formatting?
You mark your text as html_safe. For example:
<%= section[:header].html_safe %>
But I would suggest using sanitize method because of security resonons:
<%= sanitize section[:header] %>
Probably sometimes you will want to configure sanitize method. Here you can read how to do this:
http://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html
You can read more about security here:
http://guides.rubyonrails.org/security.html#cross-site-scripting-xss
I display some text in the view:
....
<%: model.Content %>
....
my model.Content contains html tags, and I want to display them not as text, but as html. How to do it?
Thanks.
As of MVC 3 you can use:
#Html.Raw(model.Content)
<%= model.Content %>
Be careful with this because it could open your site to XSS attacks.
Use:
<%: MvcHtmlString.Create(model.Content) %>
or
<%= model.Content %>
Because <%: does Html encoding, while <%= doesn't.
MvcHtmlString.Create creates a 'save' Html string, which<%: takes and prints out as is.
<%= Model.Content %>
The colon : is short for Html.Encode() while equal = simply post what is in the string.
#post.body has following content (which is converted from Markdown by using RDiscount).How should I render it to the user in what it means? i.e I want to render it as strong text emphasized text...
<p><strong>strong text</strong> </p> <p><em>emphasized text</em> </p> <blockquote> <p>this is a quote</p> </blockquote><p><img src="http://www.picturehouse.com/titles/images/rock.jpg" alt="alt text" title="" /> </p>
Using <%= #post.body => will only display it as the text shown above.
Assuming Rails 3, use the raw helper method e.g.
<%= raw(#post.body) %>
Escaping HTML output is on by default in all view templates (in contrast to earlier versions where you had to use the h method to escape strings individually.)
Are you using rails 3? It automatically escapes all contents of <%= %> tags. To avoid it, do
<%= raw(#post.body) %>
I take it you're in Rails 3? One big change is that displayed text used to be raw by default, and you had to sanitize it yourself. Now it's the other way around. Call it like this:
<%= raw(#post.body) %>
And you'll get what you're looking for.
Quick, Easy, & to the Point
<%== #post.body %>
More Information
<%== #post.body ==> is an alias to <%= raw(#post.body) ==>
https://edgeguides.rubyonrails.org/active_support_core_extensions.html#output-safety
I'm a beginner to Ruby/Rails, and just generated my first HTML programmatically - kind of exciting-- but when I viewed "page source" from the browser, my HTML had all these additional gaps and messed up the logical indentation:
This code in a View:
<% #states_array.each do |state| %>
<ul><%= state %></ul>
<% end %>
and this code in my application.html.erb layout:
Practice Header
<div class="text">
<%= yield %>
</div>
<div class="footer">
</div>
Produced this HTML when I viewed page source for that page:
<div class="header">
Practice Header
</div>
<div class="text">
<ul>California</ul>
<ul>Colorado</ul>
<ul>Florida</ul>
<ul>Georgia</ul>
<ul>New York</ul>
<ul>North Carolina</ul>
<ul>North Dakota</ul>
<ul>Oregon</ul>
</div>
<div class="footer">
</div>
only an extra space occurred after each row, and the logical indentation of where I put the <%= yield %> was lost. Thanks so much for your help in advance.
You can suppress the trailing newline by closing with a minus sign:
<% some.ruby.statement -%>
If the beauty of your markup really matters to you, look into Haml (http://haml-lang.com/).
<% #states_array.each do |state| %>
<ul><%= state %></ul>
<% end %>
Results in the string "\n<ul>state</ul>\n" for each state in the array. So the output is technically correct. You could use
<% #states_array.each do |state| %><ul><%= state %></ul>
<% end %>
But that's not as easy to read in your code. I've read there is a way to skip the trailing new lines but don't recall the exact method (Update: see #user156011's answer).
But the truth is - it doesn't really matter. HTML is for the browser - don't worry about how it looks. The only time you really need to pay attention is when two tags must exist one after the other without spacing to prevent browsers from injecting default whitespace - like in a series of tags sliced up from a larger image.
If you're going for markup readability - Haml has been nothing but a dream for me.
In development mode, it outputs gorgeous HTML that is properly indented.
It'll switch to "ugly mode" by default when your app is run in production mode, to save on server resources.
However, if you're new to Ruby/Rails, learning a new templating language may not be in your best interest. (Still, I'd argue that if you can learn ERb, you can easily pickup Haml in a day.)
If you're going to stick to ERb, you can use the <%- and -%> will respectively supress leading/trailing whitespace. Which may help in your quest for clean markup.
Best of luck :)
~Robbie
You should probably change it to something like:
<ul>
<% #states_array.each do |state| %>
<li><%= state %></li>
<% end %>
</ul>