Escaping characters in controller

How can I escape characters in a controller? I mean replacing '"' with '&quot;', '&' with '&amp;' and so on?

The way I used to do it was to include the helper module that defined 'html_escape', or the alias method 'h', and then they became available.

What's strange here is html_escape is nowhere to be found on http://api.rubyonrails.com/

Am I missing something, or is it too early, or both?!

Just in case, it is a bit suspicious to escape data in the controller; normally it is the view that knows whether it needs to apply anything to the raw data to have it displayed correctly. If the view is rhtml, that is a call to h().

Why do you need that?

-- fxn

I have a class that generates a flash object HTML declaration. The class instance is created in the controller and passed to the view, where it outputs HTML code using the to_html method. So I thought about initializing my class using already escaped data. Of course I could do the escaping in the class itself, but I wanted to know if there's a standard way to do it.

To Chris: html_escape is in the file erb.rb, thanks for the hint.

Nice. I still could've sworn that these methods used to be listed in the method list in the docs.

Can anyone shed some light on why they're not anymore? Or tell me I'm crazy, and they were never there in the first place.

You can have them available anywhere by mixing in the module from Action View where the helper you need is defined.

Having said that, with the given information I'd say that the generator would receive normal strings, and encode them as needed for #to_html. To do that the class would mix in ERB::Util, which is the module that provides html_escape in RHTML templates.

-- fxn
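
The approach suggested in the last reply, as an added example that is not part of the original thread: a generator class that receives raw strings and mixes in ERB::Util so that escaping happens once, inside to_html. The class name FlashObject, its attributes and the markup it emits are assumptions made for illustration.

```ruby
require 'erb'

# Hypothetical generator class: the name, attributes and emitted markup are
# assumptions, not code from the thread.
class FlashObject
  include ERB::Util # provides html_escape and its alias h

  # Stores raw, unescaped values exactly as the controller has them.
  def initialize(movie:, width:, height:, params: {})
    @movie  = movie
    @width  = width
    @height = height
    @params = params
  end

  # Escapes every value at the point where it is written into an attribute.
  def to_html
    param_tags = @params.map do |name, value|
      %(<param name="#{h(name)}" value="#{h(value)}">)
    end
    attrs = %(type="application/x-shockwave-flash" data="#{h(@movie)}" ) +
            %(width="#{h(@width)}" height="#{h(@height)}")
    "<object #{attrs}>#{param_tags.join}</object>"
  end
end

# Constructed sample input: a URL with '&' and a value that tries to close
# the attribute and open a new tag.
SAMPLE = FlashObject.new(
  movie:  '/player.swf?a=1&b=2',
  width:  400,
  height: 300,
  params: { 'flashvars' => 'title="x"><script>' }
)

puts SAMPLE.to_html
```

Because to_html does the escaping, the controller passes raw values; data that was already escaped before reaching the class would come out double-escaped (`&amp;amp;`).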