HTML in db columns

I have some text columns where I would like many of the html commands
available. I can insert tags in the field with no problem and it stays
there. When I try to use the data like <%= @item.description %> I
loose several of the tags. They do not work. Particularly the <ul>
<ol> <li> tags. The <b> <i> tags work along with font and color.

Are they being filtered out automatically?

I am on rails 2.2.2.

What do I need to do to get a column to display in the format
specified. Ultimately I want to use one of the wysiwyg editors on the
site, but If I can not get the output to display, it is of no use

Thank you

Don French

Don French wrote:

I have some text columns where I would like many of the html commands
available. I can insert tags in the field with no problem and it stays
there. When I try to use the data like <%= @item.description %> I
loose several of the tags. They do not work. Particularly the <ul>
<ol> <li> tags. The <b> <i> tags work along with font and color.

Are they being filtered out automatically?

Not at all - if you put raw text in you should get raw text out. (Probably UTF-8...)

How long is your description field? If it's not a TEXT blob, it might truncate at 255.

What do your unit tests say about the description field, and the view it constructs?

What do I need to do to get a column to display in the format
specified. Ultimately I want to use one of the wysiwyg editors on the
site, but If I can not get the output to display, it is of no use

We do it all the time.

But just today I could not get a <li> to display its freaking list-style-type: disc for anything. Both Firefox and IE caught the bug. Maybe it's a lunar phase thing, and you caught it too!

The column is a text type. I get <b> <i> but not <ol><li> The bullets
are just left out.

"bullets" are a visual attribute of OL/LI defined by the page's CSS; are
you sure your style sheet isn't overriding the default browser view, or
causing the bullets to be hidden by another element?

OTOH, if you can't see the OL/LIs in a page via `view source` I think
you'll need to post some code.

The column is a text type. I get <b> <i> but not <ol><li> The bullets
are just left out.

It sounds to me like your HTML is getting sanitized somewhere, which is
actually a really good thing. Allowing raw HTML to be passed though from
an input (textfield, textarea, etc.) and then displayed without being
sanitized can lead to all sort of security problems.

My recommendation would be to look into supporting Textile/Markdown in
your input textarea and make sure you are properly sanitizing your HTML.
Otherwise, you may leave yourself open to cross-site scripting or SQL
injection attacks.