Application Helper Problem

Hello,
I’m trying to follow a book (www.RailsSpace.com). The book was made
with an older version of Rails, but I’m using Rails 3. I’ve got a
snippet of code in my application helper that is supposed to add a text
field… It does, but it comes out as escaped TEXT on the webpage. Here
is my helper method:

def text_field_for(form, field,
size=HTML_TEXT_FIELD_SIZE,
maxlength=DB_STRING_MAX_LENGTH)
label = content_tag(“label”, “#{field.humanize}:”, :for => field)
form_field = form.text_field field, :size => size, :maxlength =>
maxlength
content_tag(“div”, “#{label} #{form_field}”, :class => “form_row”)
end

Then the ERB:
<%= text_field_for form, “first_name” %>

…and finally when it’s rendered:
First name:

…which looks right, but it’s escaped HTML text for some reason. Any
know why?

Thanks,

  • Jeff M.

On Jan 30, 6:40pm, Jeff M. [email protected] wrote:

label = content_tag(“label”, “#{field.humanize}:”, :for => field)
maxlength=“255” name=“spec[first_name]” size=“15” type=“text” value=""
/>

…which looks right, but it’s escaped HTML text for some reason. Any
know why?

Rails now has XSS protection built in. You need to tell rails that the
string you’ve constructed ("#{label} #{form_field}") is safe. One way
of doing this is calling html_safe! on it

Fred


content_tag(“div”, “#{label} #{form_field}”.html_safe!, :class =>
“form_row”)

gives me the error: You can’t call html_safe! on a String.

Obviously I’m doing this wrong… where should I place html_safe! ?

Thanks,

  • Jeff M.

Ah! I got it. Thanks for pointing me in the right direction!

On Jan 30, 2011, at 2:05 PM, Jeff M. wrote:

  • Jeff M.
    It’s just .html_safe (no ! on it)

-Rob

Rob B.
[email protected] http://AgileConsultingLLC.com/
[email protected] http://GaslightSoftware.com/

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs