Text not rendering as html

Hi,

I initially posted this in the Rails Deployment section by accident.

I have set up TinyMCE as an inline javascript text editor on my text areas, but when I open show.html.erb it renders out, for example, bold tags as "<strong>Get</strong>" in the actual browser as opposed to "Get".

Can someone please shed some light on this?

This is in my 'notes' controller...

  def show
    @note = Note.find(params[:id])

    respond_to do |format|
      format.html # show.html.erb
      format.xml  { render :xml => @note }
    end
  end

Thanks in advance. C

Does your show.html.erb have:

<%=h ...stuff... %>

If so, you need to remove the h. Let me know! :slight_smile:

~Dustin Tigner

Hi Dustin,

Yeah it did include the "h" and I removed it and it worked. THANKS!!!

Why did this work and what was the "h" for? Bit of a newbie.

Hey Clinton, I'm glad that solved your problem. I as well am a Rails newbie and hitting a dead end is no fun. The 'h' as I recall stands for 'helper'. It sterilizes the output for possibly harmful code. That's why you would see <strong>get</strong> instead of just 'get'.

Good luck on your projects!

~Dustin Tigner

Clinton Beattie wrote:

Hi Dustin,

Yeah it did include the "h" and I removed it and it worked. THANKS!!!

Why did this work and what was the "h" for? Bit of a newbie.

Be aware that you just opened your Rails app up to XSS attacks. By allowing HTML and turning off filtering, you've allowed users to post arbitrary HTML which can do anything from mess up the formatting of the site to steal session cookies. This might not be a problem if the only users who can write to this model are trusted users, but it's something to keep in mind for the future.

This is one of the advantages of a markup language like RedCloth. You can filter HTML and still allow users to post content with markup. Though, RedCloth itself can be used for other malicious things but its impact is limited.
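As an added illustration of the two posts above (Dustin's explanation of what `h` does, and the XSS warning), here is a small stand-alone Ruby script, not code from the thread or from Rails itself. It shows three treatments of the same note body: what `<%=h @note.body %>` produces (everything escaped, so the browser shows the literal `<strong>Get</strong>`), what `<%= @note.body %>` produces once the `h` is removed (everything passed through, script included), and a minimal allow-list filter that keeps TinyMCE's bold tags but drops every other tag and every attribute. The sample inputs are constructed; only the Ruby standard library is used. In a real app you would reach for Rails' own `sanitize` helper (for example `<%= sanitize @note.body, :tags => %w(strong em) %>`) rather than this toy filter.

```ruby
require 'erb'

# Constructed sample inputs: the kind of markup TinyMCE produces, and the
# same field with script-bearing additions a hostile user could submit.
BOLD_ONLY = '<strong>Get</strong> started'
HOSTILE   = '<strong onmouseover="alert(1)">Get</strong><script>alert(1)</script>'

# What `<%=h @note.body %>` does: every < > & " ' becomes an entity, so the
# browser displays the literal text "<strong>Get</strong>" instead of bold text.
def escaped(html)
  ERB::Util.html_escape(html)
end

# What `<%= @note.body %>` does once the h is removed: nothing at all. The
# markup, event handlers and script tags reach the browser exactly as stored.
def unescaped(html)
  html
end

# Tags the editor is allowed to produce. Attributes are never kept, so an
# onmouseover= on an allowed tag is discarded along with everything else
# inside the angle brackets except the tag name.
ALLOWED_TAGS = %w[strong em b i p br].freeze

# Matches one opening or closing tag: group 1 is the optional "/", group 2 the name.
TAG_RE = %r{<(/?)([A-Za-z][A-Za-z0-9]*)[^>]*>}

# Allow-list filter: keeps allowed tags (name only), removes every other tag,
# and HTML-escapes all text between tags so stray < > & cannot form new markup.
def allow_list_filter(html, allowed = ALLOWED_TAGS)
  out  = +''
  rest = html
  until rest.empty?
    m = TAG_RE.match(rest)
    if m.nil?
      out << ERB::Util.html_escape(rest) # trailing text with no more tags
      break
    end
    out << ERB::Util.html_escape(m.pre_match)
    name = m[2].downcase
    out << "<#{m[1]}#{name}>" if allowed.include?(name)
    rest = m.post_match
  end
  out
end

if __FILE__ == $PROGRAM_NAME
  puts "h helper:   #{escaped(HOSTILE)}"
  puts "raw:        #{unescaped(HOSTILE)}"
  puts "allow-list: #{allow_list_filter(HOSTILE)}"
end
```

Note what the filter does with the `<script>` element: the tags are removed but their text content (`alert(1)`) survives as harmless escaped text, which is enough to stop execution but is not what a user would want to see. That, together with the regex-based tag matching, is why a production app should use the framework's sanitizer, which has been tested against malformed markup, instead of hand-rolled filtering.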

Thanks for that advice.

For the time being it's okay, I think, as this is for an Admin area and the users will be clients.

Best, C