#post.body has following content (which is converted from Markdown by using RDiscount).How should I render it to the user in what it means? i.e I want to render it as strong text emphasized text...
<p><strong>strong text</strong> </p> <p><em>emphasized text</em> </p> <blockquote> <p>this is a quote</p> </blockquote><p><img src="http://www.picturehouse.com/titles/images/rock.jpg" alt="alt text" title="" /> </p>
Using <%= #post.body => will only display it as the text shown above.
Assuming Rails 3, use the raw helper method e.g.
<%= raw(#post.body) %>
Escaping HTML output is on by default in all view templates (in contrast to earlier versions where you had to use the h method to escape strings individually.)
Are you using rails 3? It automatically escapes all contents of <%= %> tags. To avoid it, do
<%= raw(#post.body) %>
I take it you're in Rails 3? One big change is that displayed text used to be raw by default, and you had to sanitize it yourself. Now it's the other way around. Call it like this:
<%= raw(#post.body) %>
And you'll get what you're looking for.
Quick, Easy, & to the Point
<%== #post.body %>
More Information
<%== #post.body ==> is an alias to <%= raw(#post.body) ==>
https://edgeguides.rubyonrails.org/active_support_core_extensions.html#output-safety
Related
I'm working on my first Rails website, but I have a little problem: I want to display the <br/> tags as line breaks, but I also want to display the other tags as strings.
For example, the user input is:
<a href='#2'>Go to #2</a><br/><a href='#3'>Go to #3</a>
I want to display:
<a href='#2'>Go to #2</a><a href='#3'>Go to #3</a>
I know that I can display the <br/> tags as line breaks like this: <%= simple_format #user_input %>
But the problem is that this command display:
Go to #2Go to #3
And not:
<a href='#2'>Go to #2</a><a href='#3'>Go to #3</a>
Thank you in advance!
Use the Rails sanitize helper method and whitelist the tags you want to allow and leave those out that you don't. All those left out would be stripped and shown as text. So in your case it would be something like
<%= sanitize #user_input, tags: %w(br) %>
For the sanitize method api info see http://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize.
You could do something like this:
<% #user_input.split("<br/>").each do |line| %>
<%= line %><br/>
<% end %>
Output:
<a href='#2'>Go to #2</a>
<a href='#3'>Go to #3</a>
Or even better, use a regexp so you can split either <br> or <br/>:
<% #user_input.split(/<br\/>|<br>/).each do |line| %>
<%= line %><br/>
<% end %>
UPDATE
Some cases will fail with the above approach, for example:
<input type="text" value="<br/>">
To be able to handle those cases, you could use Nokogiri, already bundled with rails, but you'll need add a couple of additional steps in your code.
First, your controller:
def some_action
input = "<a href='#2'>Go to #2</a><br/><a href='#3'>Go to #3</a><br><input type='text' value='<br/>'>"
#user_input = Nokogiri::HTML.parse(input)
#user_input.search('br').each { |br| br.replace("\n") }
end
Basically, you will create a Nokogiri HTML document and replace all br tags with "\n".
Second, create a css class to use those "\n" as break lines:
.new-lines {
white-space: pre-line
}
Now you will simply add this to your view:
<div class="new-lines">
<%= #user_input.css('body').children %>
<div>
Notice the use of class="new-lines", this is important to make each "\n" act as a <br>.
And the output:
Go to #2
Go to #3
<input type="text" value="<br/>">
Yes, there is a small caveat since the original value='<br>' turned into value="<br/>", but i hope that not to be a big issue; but if it is, then you could do something like this:
<%= #input.css('body').children.to_s.gsub("<", "<").gsub(">", ">") %>
And the output:
Go to #2
Go to #3
<input type="text" value="<br/>">
You may need to enhance this code further for more edge cases, but i think this example will do the trick.
Also consider using a helper instead of throwing all the code in your controller/view.
In my rails web app (based on the RoR tutorial by Michael Hartl) I have a user mailer which shoots out an activation email when someone signs up. There is an account_activation.*.erb for both HTML and text versions of the email. My account_activation.html.erb is
<h1>Web App</h1>
<p>Hi <%= #user.first_name %>,</p>
<p>Welcome to the Web App!</p>
<% if #user.student? %>
<p>
Once you have activated your account, you need to fill out the following information:
<ul>
...
</ul>
</p>
<% elsif #user.teacher? %>
<p>
You have been created as a teacher.
After activation, you will need to reset your password as it has been
randomly generated.
</p>
<% end %>
<p>Click on the link below to activate your account:</p>
<%= link_to "Activate", edit_account_activation_url(#user.activation_token,
email: #user.email) %>
What I'm wondering is: what the corresponding account_activation.text.erb would be since I have a conditional statement in the HTML?
You can still use interpolated Ruby in your .text.erb files - it's ERB that handles that, not HTML. Your template should look pretty much the same, just laid out for text without any HTML tags.
Since text file print all of your whitespace, you'll probably want to use <%- and -%> tags in some places, which respectively consume space before and after your interpolations. You'll also end up indenting less and not breaking things onto multiple lines, unless you use some tool to clean that up.
Web App
Hi <%= #user.first_name %>,
Welcome to the Web App!
<%- if #user.student? -%>
Once you have activated your account, you need to fill out the following information:
- One
- Two
<%- elsif #user.teacher? -%>
You have been created as a teacher. After activation, you will need to reset your password as it has been randomly generated.
<%- end -%>
Click on the link below to activate your account:
<%= link_to "Activate", edit_account_activation_url(#user.activation_token,
email: #user.email) %>
I have been trying to find something about embedding HTML code inside a partial argument for days but I have not found anything so I'm guessing it isn't possible. But it seems like it should be.
I have a static page in my Rails app which has a lot of sections and each section can have subsections. I could just make the entire page just plain HTML. But I didn't want to repeat the same formatting over and over in case I want to change classes or something else.
So I have the following _section.html.erb partial file:
<div class="row">
<h4><%= heading %></h4>
<% subsections.each do |section| %>
<% if section[:header] %>
<h5 class="primary-text"><%= section[:header] %></h5>
<% end %>
<p><%= section[:body] %>
<% end %>
</div>
That works fine. But what if I want to include a link to a page or an email inside one of the subsections? It doesn't work just by passing it in as part of the quotes text. It shows the actual HTML tags.
Is there a real way to do this or should I give up and just write plain HTML with repeated section formatting?
You mark your text as html_safe. For example:
<%= section[:header].html_safe %>
But I would suggest using sanitize method because of security resonons:
<%= sanitize section[:header] %>
Probably sometimes you will want to configure sanitize method. Here you can read how to do this:
http://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html
You can read more about security here:
http://guides.rubyonrails.org/security.html#cross-site-scripting-xss
i have this in my database :
<p><u>kkkkkkkkkkkkkkkk </u><strong>kknk </strong></p>
When i want to display my database content, this code isn't interpreted as html.
It is just displayed as text. i would like this content to be interpreted. (so will give a bold text, an underlined word etc..).
just put:
<%=content.html_safe%>
Here are a bit more ways:
<%= raw content %>
<%= h content %>
<%= content.html_safe %>
and a comparison:
raw vs. html_safe vs. h to unescape html
I'm a beginner to Ruby/Rails, and just generated my first HTML programmatically - kind of exciting-- but when I viewed "page source" from the browser, my HTML had all these additional gaps and messed up the logical indentation:
This code in a View:
<% #states_array.each do |state| %>
<ul><%= state %></ul>
<% end %>
and this code in my application.html.erb layout:
Practice Header
<div class="text">
<%= yield %>
</div>
<div class="footer">
</div>
Produced this HTML when I viewed page source for that page:
<div class="header">
Practice Header
</div>
<div class="text">
<ul>California</ul>
<ul>Colorado</ul>
<ul>Florida</ul>
<ul>Georgia</ul>
<ul>New York</ul>
<ul>North Carolina</ul>
<ul>North Dakota</ul>
<ul>Oregon</ul>
</div>
<div class="footer">
</div>
only an extra space occurred after each row, and the logical indentation of where I put the <%= yield %> was lost. Thanks so much for your help in advance.
You can suppress the trailing newline by closing with a minus sign:
<% some.ruby.statement -%>
If the beauty of your markup really matters to you, look into Haml (http://haml-lang.com/).
<% #states_array.each do |state| %>
<ul><%= state %></ul>
<% end %>
Results in the string "\n<ul>state</ul>\n" for each state in the array. So the output is technically correct. You could use
<% #states_array.each do |state| %><ul><%= state %></ul>
<% end %>
But that's not as easy to read in your code. I've read there is a way to skip the trailing new lines but don't recall the exact method (Update: see #user156011's answer).
But the truth is - it doesn't really matter. HTML is for the browser - don't worry about how it looks. The only time you really need to pay attention is when two tags must exist one after the other without spacing to prevent browsers from injecting default whitespace - like in a series of tags sliced up from a larger image.
If you're going for markup readability - Haml has been nothing but a dream for me.
In development mode, it outputs gorgeous HTML that is properly indented.
It'll switch to "ugly mode" by default when your app is run in production mode, to save on server resources.
However, if you're new to Ruby/Rails, learning a new templating language may not be in your best interest. (Still, I'd argue that if you can learn ERb, you can easily pickup Haml in a day.)
If you're going to stick to ERb, you can use the <%- and -%> will respectively supress leading/trailing whitespace. Which may help in your quest for clean markup.
Best of luck :)
~Robbie
You should probably change it to something like:
<ul>
<% #states_array.each do |state| %>
<li><%= state %></li>
<% end %>
</ul>