Util.html_escape() in erb file

rubyonrails-talk
1

I have this in my .erb file

<%= text_area_tag 'text', h(@text), :style => "width: 100%", :rows => 6 %> or <%= text_area_tag 'text', html_escape(@text), :style => "width: 100%", :rows => 6 %>

and it does not actually escape the characters

This is what is in my page source

<textarea id="text" name="text" rows="6" style="width: 100%">&amp;lt;a href=&amp;quot;http://www.blahblah.org/blah&amp;quot;&amp;gt;LetterAttack&amp;lt;/a&amp;gt; this is what i say</textarea>

Any ideas would be appreciated Thanks

2

What is in @text and what did you expect the html to look like?

Colin

3

Colin Law wrote:

This is what is in my page source

�<textarea id="text" name="text" rows="6" style="width: 100%">&amp;lt;a href=&amp;quot;http://www.blahblah.org/blah&amp;quot;&amp;gt;LetterAttack&amp;lt;/a&amp;gt; this is what i say</textarea>

What is in @text and what did you expect the html to look like?

Colin

Hi

My question was not clear, I am seeing text in the textarea instead of html

@text is &amp;lt;ahref=&amp;quot;http://www.blahblah.org/blah&amp;quot;&amp;gt;LetterAttack&amp;lt;/a&amp;gt;this is what i say

and what I want to see is <a href="http://www.blahblah.org/blah&quot;&gt; LetterAttack this is what i say

Thanks

4

So, for example, you have the string "&amp;lt;" and you want want to convert it to "<"? I think that could be tricky, it is certainly not what is meant by escaping, it is more de-escaping. Can you not start with the text in a simpler form before it is escaped? If you have only a limited set of substrings that need converting then I think you may just have to write code to convert them.

Colin

5

Don't do anything and the escaped characters will appear as you intend.

in view code: <% text = "&nbsp; &lt;a href=&nbsp; &quot;http://www.blahblah.org/ blah&quot;&gt;LetterAttack...&lt;/a &gt; is what i say" -%>

<textarea><%= text -%></textarea>

renders like this: <a href= "http://www.blahblah.org/blah&quot;&gt;LetterAttack\.\.\.&lt;/a > is what i say

6

html_scape does that , you are causing the output

7

Don't do anything and the escaped characters will appear as you intend.

in view code: <% text = "&nbsp; &lt;a href=&nbsp; &quot;http://www.blahblah.org/ blah&quot;&gt;LetterAttack...&lt;/a &gt; is what i say" -%>

<textarea><%= text -%></textarea>

renders like this: <a href= "http://www.blahblah.org/blah&quot;&gt;LetterAttack\.\.\.&lt;/a > is what i say

Will it not display <a href... on screen rather than generating an html href tag?

Colin

8

Phillip wrote:

Don't do anything and the escaped characters will appear as you intend.

in view code: <% text = "&nbsp; &lt;a href=&nbsp; &quot;http://www.blahblah.org/ blah&quot;&gt;LetterAttack...&lt;/a &gt; is what i say" -%>

<textarea><%= text -%></textarea>

renders like this: � <a href=� "http://www.blahblah.org/blah&quot;&gt;LetterAttack\.\.\.&lt;/a > is what i say

In the textarea on the html page it is rendering like &amp;lt;ahref=&amp;quot;http://www.blahblah.org/blah&amp;quot;&amp;gt;LetterAttack&amp;lt;/a&amp;gt;this is what i say

it is not <a href="http://www.blahblah.org/blah&quot;&gt; LetterAttack this is what i say in the textarea

@text; h(@text); html_escape(@text) in the .erb file all display &amp;lt;ahref=&amp;quot;http://www.blahblah.org/blah&amp;quot;&amp;gt;LetterAttack&amp;lt;/a&amp;gt;this is what i say in the textarea on the html page (where @text is &amp;lt;ahref=&amp;quot;http://www.blahblah.org/blah&amp;quot;&amp;gt;LetterAttack&amp;lt;/a&amp;gt;this is what i say)

I want it to display <a href= "http://www.blahblah.orgblah">LetterAttack...</a> is what i say

Thanks

9

I am still confused I am afraid. Do you want it to _display_ <a href =... so that is exactly what appears on the screen, or do you want it to display a link to the URL, showing the text LetterAttack?

Colin

10

Colin Law wrote:

<a href="http://www.blahblah.org/blah&quot;&gt; LetterAttack this is what i say I want it to display <a href= "http://www.blahblah.orgblah">LetterAttack...</a> is what i say

I am still confused I am afraid. Do you want it to _display_ <a href =... so that is exactly what appears on the screen, or do you want it to display a link to the URL, showing the text LetterAttack?

Colin

Hi

I want to display html in the textarea i.e more like de-scaping as you describe

<%= label_tag 'text', @text %><br/> <%= text_area_tag 'text', @text , :style => "width: 100%", :rows => 6 %>

The label displays correctly i.e. <a href="http://www.blahblah.orgblah">LetterAttack...</a> is what i say

whereas in the textarea it is displayed as &amp;lt;ahref=&amp;quot;http://www.blahblah.org/blah&amp;quot;&amp;gt;LetterAttack&amp;lt;/a&amp;gt;this is what i say

Thanks

11

add .html_safe