Hello,
I’m trying to follow a book (www.RailsSpace.com). The book was made
with an older version of Rails, but I’m using Rails 3. I’ve got a
snippet of code in my application helper that is supposed to add a text
field… It does, but it comes out as escaped TEXT on the webpage. Here
is my helper method:
def text_field_for(form, field,
size=HTML_TEXT_FIELD_SIZE,
maxlength=DB_STRING_MAX_LENGTH)
label = content_tag(“label”, “#{field.humanize}:”, :for => field)
form_field = form.text_field field, :size => size, :maxlength =>
maxlength
content_tag(“div”, “#{label} #{form_field}”, :class => “form_row”)
end
Then the ERB:
<%= text_field_for form, “first_name” %>
…and finally when it’s rendered:
First name:
…which looks right, but it’s escaped HTML text for some reason. Any
know why?
Thanks,
On Jan 30, 6:40pm, Jeff M. [email protected] wrote:
label = content_tag(“label”, “#{field.humanize}:”, :for => field)
maxlength=“255” name=“spec[first_name]” size=“15” type=“text” value=""
/>
…which looks right, but it’s escaped HTML text for some reason. Any
know why?
Rails now has XSS protection built in. You need to tell rails that the
string you’ve constructed ("#{label} #{form_field}") is safe. One way
of doing this is calling html_safe! on it
Fred
…
content_tag(“div”, “#{label} #{form_field}”.html_safe!, :class =>
“form_row”)
…
gives me the error: You can’t call html_safe! on a String.
Obviously I’m doing this wrong… where should I place html_safe! ?
Thanks,
Ah! I got it. Thanks for pointing me in the right direction!
On Jan 30, 2011, at 2:05 PM, Jeff M. wrote:
- Jeff M.
It’s just .html_safe (no ! on it)
-Rob
Rob B.
[email protected] http://AgileConsultingLLC.com/
[email protected] http://GaslightSoftware.com/