Not encoding special html chars

Rails
1

Hello to all,

I’m confronted to a quite simple problem (I hope so):

In a rhtml file I’m using the following code to make a select from a
act_as_tree Model:

<%= select_tag("input_region", options_for_select(Region.find(:all,

:order => “name”).collect {|c| [ " " * c.ancestors.size + c.name,
c.id ]})) %>

But the generated output is:

&nbsp;Asia &nbsp;Australia &nbsp;Europe &nbsp;&nbsp;France &nbsp;North America &nbsp;South America World

As you can see the   is converted to escape html special
chars(  => &nsbp;). How can I prevent rails to convert html
chars ?

Thx in advance for your answers.

++ Jerome

2

Jerome:

What happens if you use a single space: ’ ’ instead of  ? Does
it convert the space to  ?

-Anthony

3

Anthony C. wrote:

Jerome:

What happens if you use a single space: ’ ’ instead of  ? Does
it convert the space to  ?

-Anthony

If I use ’ ’ instead of ’ ', ’ ’ is not converted into ’ '.

Only HTML spécial chars are converted (& > < and so …)
I think the string is passing through the h funtion. I don’t know how to
prevent it.

I could rewrite de options_for_select but I’m pretty sure there’s an
alternative.

Thx

4

Nobody has an answer to this problem ?

5

Jérôme (fat) wrote:

Nobody has an answer to this problem ?

Wow, you young whippersnappers these days have no patience eh :stuck_out_tongue: :stuck_out_tongue:
(that is a joke for the humour impaired).

Apparently, the html_escape code in Rails/Erb/Most projects I have ever
seen, assumes (rightly or wrongly) that your input will NOT have ANY
markup’s already converted inside it. The trick is to make the
html_escape somewhat more tolerant. The code I would suggest would be
something like this;

irb(main):014:0> s=“this is   test”
=> “this is   test”
irb(main):015:0> s.gsub(/(&+(?!amp;))/,"&")
=> “this is &nbsp; test”
irb(main):016:0>
s.gsub(/(&+(?!amp;)(?!lt;)(?!gt;)(?!quot;)(?!nbsp;))/,"&")
=> “this is   test”

Of course, you probably want to fling that into an ‘override’ for your
application (eg; application.rb) something along the lines of;

def html_escape(s)

s.to_s.gsub(/(&+(?!amp;)(?!lt;)(?!gt;)(?!quot;)(?!nbsp;))/,"&").gsub(/"/,
“”").gsub(/>/, “>”).gsub(/</, “<”)
end

I assume that if you fling it in there, everything will be good with the
world. You may have to deal with re-declaring the alias and the
module_functions again, no idea. Take with a pinch of salt (or vinegar
if your that perverse). Hopefully you get the idea.

You could always update the erb.rb file that I believe is the main
‘culprit’, and you could submit a patch to the Erb maintainer. You get
the idea, share the wealth etc etc :slight_smile:

Sorry for the rambling incoherent-ness of this message, I have only had
my second cup of coffee so far :slight_smile:
Regards
Stef

6

Stef Telford wrote:

Apparently, the html_escape code in Rails/Erb/Most projects I have ever
s.gsub(/(&+(?!amp;)(?!lt;)(?!gt;)(?!quot;)(?!nbsp;))/,“&”)

my second cup of coffee so far :slight_smile:
Regards
Stef

You could try this…

require ‘cgi’
def htmlarize(str)
CGI.unescapeHTML(str)
end

and do something like:

<%=htmlarize(

select_tag(“input_region”, options_for_select(Region.find(:all,
:order => “name”).collect {|c| [ " " * c.ancestors.size + c.name,
c.id ]}))

)%>

Something like that might work?

Gustav P.
[email protected]


about me:
My greatest achievement was when all the other
kids just learnt to count from 1 to 10,
i was counting (0…9)

  • gustav.paul
7

You could try this…

require ‘cgi’
def htmlarize(str)
CGI.unescapeHTML(str)
end

and do something like:

<%=htmlarize(

select_tag(“input_region”, options_for_select(Region.find(:all,
:order => “name”).collect {|c| [ " " * c.ancestors.size + c.name,
c.id ]}))

)%>

Something like that might work?

Thanks you very much, it works like a charm.

++ Jerome