RHTML displaying HTML tags in output

Question

RHTML displaying HTML tags in output

I have an RHTML view in Rails where the output comes from my MongoDB collection. The data is displayed correctly using an iteration block, but whenever I try to use HTML tags in my database, they are not displayed in the HTML output, but only displayed.

<%
 @posts.find().each do |post|
%>
 <h1><%=post["name"]%></h1>
 <p><%=post["body"] %></p>
 <p><%=post["timestamp"]%></p>
<%
 end
%>

But for example, if I had

<p>Test</p>

In my database, tags will be displayed instead of printing. A.

+3

ruby ruby-on-rails ruby-on-rails-3 views rhtml

Scott nicol Dec 15 '10 at 13:15

source share

2 answers

raw .html_safe, 100% , sanitize, .

<% = sanitize post [ "name" ] $ >

. http://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html

+2

PeterWong 15 . '10 13:53

Mark Thomas · Accepted Answer · 2010-12-15T13:22:05+0000

This is a security protection that is now built into Rails 3. It prevents problems with XSS (cross-site scripting).

If you add raw, you will get the desired result.

<% @posts.each do |post| %> 
 <h1><%=raw post["name"]%></h1> 
 <p><%=raw post["body"] %></p> 
 <p><%=raw post["timestamp"]%></p> 
<% end %>

, HTML-, , , .

Edit:

: raw, sanitize helper. <%=sanitize post["name"], :tags => "p" %>, <p>.

RHTML displaying HTML tags in output

More articles: