Overriding model's save method

Hi!

Okay, so let's start: I'm starting Rails, so here's a noob question for you!

I did a little blog with scaffolding. Everything is working as expected but I'd like to modify its functionality.

I've been a PHP developer for ages and I've been using Symfony for almost a year. It's a PHP framework that works in some ways like Rails.

In my little blog I sometimes enter Ruby code with HTML tags (<>), but as there's nothing to convert them to HTML entities, they are not showing up on the page.

As you can see on http://rails.tbergeron.com, they are plain HTML tags in my HTML layout.

So here's what I'd like to do: I'd like to override my model's save method to put something like h() around my text so HTML could be converted to entities.

Could you help? That'd be awesome!

Thanks a lot!

This sounds like a possible job for before_save. Personally though I'd store unsanitized text in the database and sanitize it when displaying (having escaped text in the database might make your editing bits rather more complicated).

Fred

[...]

Personally though I'd store unsanitized text in the database and sanitize it when displaying (having escaped text in the database might make your editing bits rather more complicated).

Maybe. If you're just using plain text, then just store it plain in the database and escape it on output. However, if you want to allow HTML tags for formatting, then the database should contain HTML fragments and *not* be escaped on output.

Either way, though, h() on before_save is probably a bad idea.

Fred

Best,
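The trade-off discussed in this thread, as an added example that is not part of the original posts: a plain-Ruby stand-in for the model (the `Post` class and `create_then_edit` helper are hypothetical, not ActiveRecord) compares escaping in a before_save-style hook with escaping in the view, across one create and one unchanged edit. It assumes the edit form is prefilled with the stored value, as a scaffolded form is.

```ruby
require "erb"

# h() in Rails views is ERB::Util.html_escape.
def h(text)
  ERB::Util.html_escape(text)
end

# Minimal stand-in for a model (hypothetical, not ActiveRecord).
class Post
  attr_reader :body

  def initialize(escape_on_save:)
    @escape_on_save = escape_on_save
    @body = nil
  end

  # Submitting the new or edit form: the hook runs on every save.
  def submit(text)
    @body = @escape_on_save ? h(text) : text
    self
  end

  # HTML the show view sends to the browser.
  def render
    @escape_on_save ? @body : h(@body)
  end
end

# The edit form is prefilled with the stored value, so submitting it
# unchanged sends the stored value back through save.
def create_then_edit(post, text)
  post.submit(text)
  first_view = post.render
  post.submit(post.body)
  [first_view, post.render, post.body]
end

SAMPLE = "<b>puts 1</b>" # constructed input

on_save   = create_then_edit(Post.new(escape_on_save: true), SAMPLE)
on_output = create_then_edit(Post.new(escape_on_save: false), SAMPLE)

puts "escape on save:   #{on_save.inspect}"
puts "escape on output: #{on_output.inspect}"
```

With escaping on save, the second save escapes the already-escaped text, so the page shows literal entities after an edit; with escaping on output, the stored text and the rendered HTML are the same after every save.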