HTML in db columns

I have some text columns where I would like many of the html commands available. I can insert tags in the field with no problem and it stays there. When I try to use the data like `<%= @item.description %>` I lose several of the tags. They do not work. Particularly the `<ul>` `<ol>` `<li>` tags. The `<b>` `<i>` tags work along with font and color.

Are they being filtered out automatically?

I am on rails 2.2.2.

What do I need to do to get a column to display in the format specified? Ultimately I want to use one of the wysiwyg editors on the site, but if I cannot get the output to display, it is of no use.

Thank you

Don French

Don French wrote:

I have some text columns where I would like many of the html commands available. I can insert tags in the field with no problem and it stays there. When I try to use the data like `<%= @item.description %>` I lose several of the tags. They do not work. Particularly the `<ul>` `<ol>` `<li>` tags. The `<b>` `<i>` tags work along with font and color.

Are they being filtered out automatically?

Not at all - if you put raw text in you should get raw text out. (Probably UTF-8...)

How long is your description field? If it's not a TEXT blob, it might truncate at 255.

What do your unit tests say about the description field, and the view it constructs?

What do I need to do to get a column to display in the format specified? Ultimately I want to use one of the wysiwyg editors on the site, but if I cannot get the output to display, it is of no use.

We do it all the time.

But just today I could not get a `<li>` to display its freaking list-style-type: disc for anything. Both Firefox and IE caught the bug. Maybe it's a lunar phase thing, and you caught it too!

The column is a text type. I get `<b>` `<i>` but not `<ol>` `<li>`. The bullets are just left out.

"bullets" are a visual attribute of OL/LI defined by the page's CSS; are you sure your style sheet isn't overriding the default browser view, or causing the bullets to be hidden by another element?

OTOH, if you can't see the OL/LIs in a page via `view source` I think you'll need to post some code.

The column is a text type. I get `<b>` `<i>` but not `<ol>` `<li>`. The bullets are just left out.

It sounds to me like your HTML is getting sanitized somewhere, which is actually a really good thing. Allowing raw HTML to be passed through from an input (textfield, textarea, etc.) and then displayed without being sanitized can lead to all sorts of security problems.

My recommendation would be to look into supporting Textile/Markdown in your input textarea and make sure you are properly sanitizing your HTML. Otherwise, you may leave yourself open to cross-site scripting or SQL injection attacks.
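
The allowlist idea behind that advice, as an added example that is not part of the original thread: escape everything, then restore only bare formatting tags. The helper name `allowlist_html`, the tag list and the sample input are assumptions made up for this illustration.

```ruby
require 'cgi'

# Hypothetical allowlist for this example: the tags the question asks about.
ALLOWED_TAGS = %w[b i ul ol li].freeze

# Matches an already-escaped opening or closing tag from the allowlist that
# carries no attributes, e.g. "&lt;ul&gt;" or "&lt;/li&gt;". A tag with any
# attribute (onclick, style, href ...) does not match and stays escaped.
ALLOWED_TAG_RE = /&lt;(\/?)(#{ALLOWED_TAGS.join('|')})&gt;/i

# Escape every HTML metacharacter first, then turn back only the bare
# allowlisted tags. Hypothetical helper, not a Rails API.
# Limitation: tags are not balanced, so a stray </li> or unclosed <b> in the
# input passes through and can upset layout (but cannot introduce script).
def allowlist_html(text)
  escaped = CGI.escapeHTML(text.to_s)
  escaped.gsub(ALLOWED_TAG_RE) { "<#{$1}#{$2.downcase}>" }
end

# Constructed sample: a list, one tag with an event-handler attribute,
# a script element, and a bold run.
SAMPLE = '<ul><li>First</li><li onclick="x()">Second</li></ul>' \
         '<script>alert(1)</script><b>bold</b>'

puts allowlist_html(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

In a Rails view the built-in `sanitize` helper with its `:tags` option is the usual tool for this; the stand-alone version above only shows why the list tags survive while attributes and script elements do not.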