not encoding special html chars

Jérôme (fat) wrote:

Nobody has an answer to this problem ?

Wow, you young whippersnappers these days have no patience eh :stuck_out_tongue: :stuck_out_tongue: (that is a joke for the humour impaired).

Apparently, the html_escape code in Rails/Erb/Most projects I have ever seen, assumes (rightly or wrongly) that your input will NOT have ANY markup already converted inside it. The trick is to make the html_escape somewhat more tolerant. The code I would suggest would be something like this;

    irb(main):014:0> s="this is &nbsp; test"
    => "this is &nbsp; test"
    irb(main):015:0> s.gsub(/(&+(?!amp;))/,"&amp;")
    => "this is &amp;nbsp; test"
    irb(main):016:0> s.gsub(/(&+(?!amp;)(?!lt;)(?!gt;)(?!quot;)(?!nbsp;))/,"&amp;")
    => "this is &nbsp; test"

Of course, you probably want to fling that into an 'override' for your application (eg; application.rb) something along the lines of;

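    # Escape each bare "&" but leave already-encoded entities
    # (&amp; &lt; &gt; &quot; &nbsp;) alone, then escape quotes and angle brackets.
    def html_escape(s)
      s.to_s.gsub(/&(?!amp;)(?!lt;)(?!gt;)(?!quot;)(?!nbsp;)/, "&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
    end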

I assume that if you fling it in there, everything will be good with the world. You may have to deal with re-declaring the alias and the module_functions again, no idea. Take with a pinch of salt (or vinegar if you're that perverse). Hopefully you get the idea.

You could always update the erb.rb file that I believe is the main 'culprit', and you could submit a patch to the Erb maintainer. You get the idea, share the wealth etc etc :slight_smile:

Sorry for the rambling incoherent-ness of this message, I have only had my second cup of coffee so far :slight_smile: Regards Stef

You could try this...

    require 'cgi'

    def htmlarize(str)
      CGI.unescapeHTML(str)
    end

and do something like:

    <%= htmlarize(
      select_tag("input_region", options_for_select(Region.find(:all,
        :order => "name").collect {|c| [ "&nbsp;" * c.ancestors.size + c.name,
        c.id ]}))
    ) %>

Something like that might work?

Gustav Paul gustav@rails.co.za itsdEx.com
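
An added example, not code from either poster or from Rails: it compares unescaping the whole generated tag, as in the reply above, with escaping only the name and prepending the `&nbsp;` indentation afterwards. `escaped_option` is a simplified, hypothetical stand-in for an escaping option helper, and the region data is constructed.

```ruby
require 'cgi'

# Constructed sample data: [name, depth in the tree, id]. Not from the thread.
REGIONS = [
  ['Europe', 0, 1],
  ['R&D <b>East</b>', 1, 2],   # a stored name that contains markup characters
  ['Tom "T" & Co', 2, 3]
].freeze

# Hypothetical stand-in for a helper that escapes label and value
# (simplified; this is not Rails' options_for_select).
def escaped_option(label, value)
  %(<option value="#{CGI.escapeHTML(value.to_s)}">#{CGI.escapeHTML(label)}</option>)
end

# Approach from the reply: put "&nbsp;" in the label, let the helper escape
# everything, then unescape the whole generated string.
def options_unescaped_whole(regions)
  html = regions.map { |name, depth, id| escaped_option('&nbsp;' * depth + name, id) }.join
  CGI.unescapeHTML(html)
end

# Alternative: escape only the stored name, then prepend the fixed indentation,
# so the name's own characters stay encoded.
def options_indent_after_escape(regions)
  regions.map do |name, depth, id|
    indent = '&nbsp;' * depth
    %(<option value="#{CGI.escapeHTML(id.to_s)}">#{indent}#{CGI.escapeHTML(name)}</option>)
  end.join
end

# Any tag other than <option> in the output means stored data was
# interpreted as markup instead of being shown as text.
def stray_tags(html)
  html.scan(/<\/?([a-zA-Z]+)/).flatten.reject { |t| t == 'option' }.uniq
end

if __FILE__ == $PROGRAM_NAME
  puts options_unescaped_whole(REGIONS)
  puts "stray tags: #{stray_tags(options_unescaped_whole(REGIONS)).inspect}"
  puts options_indent_after_escape(REGIONS)
  puts "stray tags: #{stray_tags(options_indent_after_escape(REGIONS)).inspect}"
end
```

Both versions render the indentation, but only the second keeps the markup characters in the stored name encoded.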