not encoding special html chars

Jérôme (fat) wrote:

Nobody has an answer to this problem ?

Wow, you young whippersnappers these days have no patience eh :stuck_out_tongue: :stuck_out_tongue: (that is a joke for the humour impaired).

Apparently, the html_escape code in Rails/Erb/Most projects I have ever seen, assumes (rightly or wrongly) that your input will NOT have ANY markup already converted inside it. The trick is to make the html_escape somewhat more tolerant. The code I would suggest would be something like this;

irb(main):014:0> s="this is &nbsp; test"
=> "this is &nbsp; test"
irb(main):015:0> s.gsub(/(&+(?!amp;))/,"&amp;")
=> "this is &amp;nbsp; test"
irb(main):016:0> s.gsub(/(&+(?!amp;)(?!lt;)(?!gt;)(?!quot;)(?!nbsp;))/,"&amp;")
=> "this is &nbsp; test"

Of course, you probably want to fling that into an 'override' for your application (eg; application.rb) something along the lines of;

    def html_escape(s)
      s.to_s.gsub(/(&+(?!amp;)(?!lt;)(?!gt;)(?!quot;)(?!nbsp;))/,"&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
    end

I assume that if you fling it in there, everything will be good with the world. You may have to deal with re-declaring the alias and the module_functions again, no idea. Take with a pinch of salt (or vinegar if you're that perverse). Hopefully you get the idea.

You could always update the erb.rb file that I believe is the main 'culprit', and you could submit a patch to the Erb maintainer. You get the idea, share the wealth etc etc :slight_smile:

Sorry for the rambling incoherent-ness of this message, I have only had my second cup of coffee so far :slight_smile:
Regards
Stef

Stef Telford wrote:

Jérôme (fat) wrote:

Nobody has an answer to this problem ?

Wow, you young whippersnappers these days have no patience eh :stuck_out_tongue: :stuck_out_tongue:
(that is a joke for the humour impaired).

Apparently, the html_escape code in Rails/Erb/Most projects I have ever
seen, assumes (rightly or wrongly) that your input will NOT have ANY
markup already converted inside it. The trick is to make the
html_escape somewhat more tolerant. The code I would suggest would be
something like this;

irb(main):014:0> s="this is &nbsp; test"
=> "this is &nbsp; test"
irb(main):015:0> s.gsub(/(&+(?!amp;))/,"&amp;")
=> "this is &amp;nbsp; test"
irb(main):016:0> s.gsub(/(&+(?!amp;)(?!lt;)(?!gt;)(?!quot;)(?!nbsp;))/,"&amp;")
=> "this is &nbsp; test"

Of course, you probably want to fling that into an 'override' for your
application (eg; application.rb) something along the lines of;

    def html_escape(s)
      s.to_s.gsub(/(&+(?!amp;)(?!lt;)(?!gt;)(?!quot;)(?!nbsp;))/,"&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
    end

I assume that if you fling it in there, everything will be good with the
world. You may have to deal with re-declaring the alias and the
module_functions again, no idea. Take with a pinch of salt (or vinegar
if you're that perverse). Hopefully you get the idea.

You could always update the erb.rb file that I believe is the main
'culprit', and you could submit a patch to the Erb maintainer. You get
the idea, share the wealth etc etc :slight_smile:

Sorry for the rambling incoherent-ness of this message, I have only had
my second cup of coffee so far :slight_smile:
Regards
Stef


You could try this...

require 'cgi'
def htmlarize(str)
  CGI.unescapeHTML(str)
end

and do something like:

<%=htmlarize(
  select_tag("input_region", options_for_select(Region.find(:all,
  :order => "name").collect {|c| [ "&nbsp;" * c.ancestors.size + c.name,
  c.id ]}))
)%>

Something like that might work?

Gustav Paul
gustav@rails.co.za
itsdEx.com
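
An added example, not code from any poster in this thread: it compares the two suggestions above with a third option that escapes the region name first and then prepends the indentation as fixed, trusted markup. The helper name `indented_option` and the sample region names are assumptions made for illustration; `tolerant_escape` and `unescape_all` restate the thread's two approaches so their effect on user-typed names can be checked.

```ruby
require 'cgi'

# Trusted markup, fixed in code and never taken from user data.
INDENT = "&nbsp;".freeze

# Hypothetical helper (not a Rails API): escape the data, then add the
# trusted indentation, so the finished HTML needs no post-processing.
def indented_option(name, id, depth)
  label = (INDENT * depth) + CGI.escapeHTML(name.to_s)
  %(<option value="#{CGI.escapeHTML(id.to_s)}">#{label}</option>)
end

# The entity-tolerant escape suggested in the thread, kept for comparison.
def tolerant_escape(s)
  s.to_s.gsub(/(&+(?!amp;)(?!lt;)(?!gt;)(?!quot;)(?!nbsp;))/, "&amp;")
   .gsub(/"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
end

# The whole-output unescape suggested in the thread, kept for comparison.
def unescape_all(html)
  CGI.unescapeHTML(html)
end

# Constructed sample names, as a user might have typed them.
NAME_WITH_TAG    = "R&D <b>"
NAME_WITH_ENTITY = "use &lt; here"

if __FILE__ == $0
  safe = indented_option(NAME_WITH_TAG, 7, 2)
  puts safe                               # name escaped, indentation intact
  puts unescape_all(safe)                 # the typed <b> is live markup again
  puts tolerant_escape(NAME_WITH_ENTITY)  # typed "&lt;" passes through unescaped
  puts CGI.escapeHTML(NAME_WITH_ENTITY)   # strict escape keeps the typed text literal
end
```

Unescaping the finished tag also undoes the escaping of `c.name`, and the tolerant escape cannot tell an entity the application added from one a user typed, so both change how user-supplied text is rendered.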