Forum: Ruby Magic Quotes in Ruby?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Nathan O. (Guest)
on 2006-04-27 03:02
(I thought I posted this question just a bit ago but I can't find it
now. Sorry if this is a double-posting)

I have some strings in a CGI script of mine that will sometimes contain
double-quotation marks (""). These behave normally when I use them
directly (i.e., puts str will return a string that contains quotes just
fine), but misbehave when I try to concatenate them with other strings
(i.e., puts str + "other stuff").

I've seen this sort of "magic quotes" problem in other languages, but
I'm having a lot of trouble getting this to work. I've tried several
variations on gsub, as well as a couple of other things, but none seem
to work.

Is there a way to work around this?
Luke B. (Guest)
on 2006-04-27 03:13
(Received via mailing list)
Nathan O. wrote:
> (I thought I posted this question just a bit ago but I can't find it
> now. Sorry if this is a double-posting)
>
> I have some strings in a CGI script of mine that will sometimes contain
> double-quotation marks (""). These behave normally when I use them
> directly (i.e., puts str will return a string that contains quotes just
> fine), but misbehave when I try to concatenate them with other strings
> (i.e., puts str + "other stuff").
>
I'm not seeing this:
irb(main):004:0> s = "ab\"c\""
=> "ab\"c\""
irb(main):005:0> puts s
ab"c"
=> nil
irb(main):006:0> puts s + "other stuff"
ab"c"other stuff
=> nil
irb(main):007:0>
> I've seen this sort of "magic quotes" problem in other languages, but
> I'm having a lot of trouble getting this to work. I've tried several
> variations on gsub, as well as a couple of other things, but none seem
> to work.
>
> Is there a way to work around this
I'm guessing this is really an escaping problem.  You're trying to
generate html without doing any escaping?  Try viewing the source of
your generated page -- the quotes are no doubt all there just as you
output them, but they're probably interfering with html attributes.

Luke
Nathan O. (Guest)
on 2006-04-27 03:15
Luke B. wrote:
> I'm guessing this is really an escaping problem.  You're trying to
> generate html without doing any escaping?  Try viewing the source of
> your generated page -- the quotes are no doubt all there just as you
> output them, but they're probably interfering with html attributes.

Well, I'm glad you're paying attention to the obvious things, because I
don't seem to!

Yes, it's an HTML escaping problem. Hmm... this might take a while to
clear up.
Justin B. (Guest)
on 2006-04-27 03:25
(Received via mailing list)
Not really - use CGI.escapeHTML(str) and you are all set.
This topic is locked and can not be replied to.