Util.html_escape() in erb file

11155 · September 23, 2010, 3:44am

I have this in my .erb file

<%= text_area_tag 'text', h(@text), :style => "width: 100%", :rows => 6 %> or <%= text_area_tag 'text', html_escape(@text), :style => "width: 100%", :rows => 6 %>

and it does not actually escape the characters

This is what is in my page source

<textarea id="text" name="text" rows="6" style="width: 100%">&lt;a href=&quot;http://www.blahblah.org/blah&quot;&gt;LetterAttack&lt;/a&gt; this is what i say</textarea>

Any ideas would be appreciated Thanks

Colin_Law1 · September 23, 2010, 7:34am

What is in @text and what did you expect the html to look like?

Colin

11155 · September 23, 2010, 8:20am

Colin Law wrote:

This is what is in my page source

�<textarea id="text" name="text" rows="6" style="width: 100%">&lt;a href=&quot;http://www.blahblah.org/blah&quot;&gt;LetterAttack&lt;/a&gt; this is what i say</textarea>

What is in @text and what did you expect the html to look like?

Colin

Hi

My question was not clear, I am seeing text in the textarea instead of html

@text is &lt;ahref=&quot;http://www.blahblah.org/blah&quot;&gt;LetterAttack&lt;/a&gt;this is what i say

and what I want to see is <a href="http://www.blahblah.org/blah"> LetterAttack this is what i say

Thanks

Colin_Law1 · September 23, 2010, 8:32am

So, for example, you have the string "&lt;" and you want want to convert it to "<"? I think that could be tricky, it is certainly not what is meant by escaping, it is more de-escaping. Can you not start with the text in a simpler form before it is escaped? If you have only a limited set of substrings that need converting then I think you may just have to write code to convert them.

Colin

Phillip · September 23, 2010, 2:03pm

Don't do anything and the escaped characters will appear as you intend.

in view code: <% text = "  <a href=  "http://www.blahblah.org/ blah">LetterAttack...</a > is what i say" -%>

renders like this: <a href= "http://www.blahblah.org/blah">LetterAttack\.\.\.</a > is what i say

radhames_brito · September 23, 2010, 2:06pm

html_scape does that , you are causing the output

Colin_Law1 · September 23, 2010, 3:21pm

Don't do anything and the escaped characters will appear as you intend.

in view code: <% text = "  <a href=  "http://www.blahblah.org/ blah">LetterAttack...</a > is what i say" -%>

<textarea><%= text -%></textarea>

renders like this: <a href= "http://www.blahblah.org/blah">LetterAttack\.\.\.</a > is what i say

Will it not display <a href... on screen rather than generating an html href tag?

Colin

11155 · September 24, 2010, 4:58am

Phillip wrote:

Don't do anything and the escaped characters will appear as you intend.

in view code: <% text = "  <a href=  "http://www.blahblah.org/ blah">LetterAttack...</a > is what i say" -%>

<textarea><%= text -%></textarea>

renders like this: � <a href=� "http://www.blahblah.org/blah">LetterAttack\.\.\.</a > is what i say

In the textarea on the html page it is rendering like &lt;ahref=&quot;http://www.blahblah.org/blah&quot;&gt;LetterAttack&lt;/a&gt;this is what i say

it is not <a href="http://www.blahblah.org/blah"> LetterAttack this is what i say in the textarea

@text; h(@text); html_escape(@text) in the .erb file all display &lt;ahref=&quot;http://www.blahblah.org/blah&quot;&gt;LetterAttack&lt;/a&gt;this is what i say in the textarea on the html page (where @text is &lt;ahref=&quot;http://www.blahblah.org/blah&quot;&gt;LetterAttack&lt;/a&gt;this is what i say)

I want it to display <a href= "http://www.blahblah.orgblah">LetterAttack...</a> is what i say

Thanks

Colin_Law1 · September 24, 2010, 6:53am

I am still confused I am afraid. Do you want it to _display_ <a href =... so that is exactly what appears on the screen, or do you want it to display a link to the URL, showing the text LetterAttack?

Colin

11155 · September 27, 2010, 3:36am

Colin Law wrote:

<a href="http://www.blahblah.org/blah"> LetterAttack this is what i say I want it to display <a href= "http://www.blahblah.orgblah">LetterAttack...</a> is what i say

I am still confused I am afraid. Do you want it to _display_ <a href =... so that is exactly what appears on the screen, or do you want it to display a link to the URL, showing the text LetterAttack?

Colin

Hi

I want to display html in the textarea i.e more like de-scaping as you describe

<%= label_tag 'text', @text %><br/> <%= text_area_tag 'text', @text , :style => "width: 100%", :rows => 6 %>

The label displays correctly i.e. <a href="http://www.blahblah.orgblah">LetterAttack...</a> is what i say

whereas in the textarea it is displayed as &lt;ahref=&quot;http://www.blahblah.org/blah&quot;&gt;LetterAttack&lt;/a&gt;this is what i say

Thanks

radhames_brito · September 27, 2010, 4:17am

add .html_safe