CGI, unescape HTML, sanitize rendering & views

Hi, I have an action which calls the Amazon API for customer reviews. Its
view renders the content this way:

<%= CGI.unescapeHTML review[:content]%>

The output is a mix of escaped text and a few HTML tags, like the
following:

<p><em>Heder of comment</em> bla bla comment.</p>

Now, I’d like to use those few tags to maintain the original rendering
from the Amazon output, so I do not use Sanitize.clean(review[:content]), for
example.

Is there a way of doing that? Should be a primer, I know, but I cannot
figure out how.

Thanks in advance
Luca

Luca G. Soave wrote:

> Hi, I have an action which calls the Amazon API for customer reviews. Its
> view renders the content this way:
>
> <%= CGI.unescapeHTML review[:content]%>
>
> The output is a mix of escaped text and a few HTML tags, like the
> following:
>
> <p><em>Heder of comment</em> bla bla comment.</p>
>
> Now, I’d like to use those few tags to maintain the original rendering
> from the Amazon output, so I do not use Sanitize.clean(review[:content]), for
> example.
>
> Is there a way of doing that? Should be a primer, I know, but I cannot
> figure out how.

Do you really need unescapeHTML? What happens if you leave it out?

> Thanks in advance
> Luca

Best,

Marnen Laibow-Koser
http://www.marnen.org

Marnen Laibow-Koser wrote:

> Do you really need unescapeHTML? What happens if you leave it out?

OK, there is something wrong here:

Using <%= CGI.unescapeHTML review[:content]%> or <%= review[:content]%>
in my view, I get the same output:

Heder of comment bla bla
comment.

… in fact I found my lib/amazon.rb already unescaped the API response,
and in the view CGI.unescapeHTML is simply duplicated and does nothing.

If I remove both of them, I get an output like the following, of course:

<p><em> Heder of comment </em> bla bla comment.
</p>

So it doesn’t work. I need a way to get a partially unescaped output like:

<p><em>Heder of comment</em> bla bla comment.</p>

dynamically rendered by the view.

I’m not so expert in this field and actually the only solution I found
was to Sanitize.clean( the get_unescaped API ), but that way I lose the
formatting info got back from the Amazon API.

Any other suggestion?
Thanks in advance.
Luca

Luca G. Soave wrote:

> Marnen Laibow-Koser wrote:
>
> > Do you really need unescapeHTML? What happens if you leave it out?
>
> OK, there is something wrong here:
>
> Using <%= CGI.unescapeHTML review[:content]%> or <%= review[:content]%>
> in my view, I get the same output:
>
> Heder of comment bla bla
> comment.

Isn’t that the desired output? What’s the problem?

Best,

Marnen Laibow-Koser
http://www.marnen.org

Marnen Laibow-Koser wrote:

> Luca G. Soave wrote:
>
> > Marnen Laibow-Koser wrote:
> >
> > > Do you really need unescapeHTML? What happens if you leave it out?
> >
> > OK, there is something wrong here:
> >
> > Using <%= CGI.unescapeHTML review[:content]%> or <%= review[:content]%>
> > in my view, I get the same output:
> >
> > Heder of comment bla bla
> > comment.
>
> Isn’t that the desired output? What’s the problem?
>
> Best,
>
> Marnen Laibow-Koser
> http://www.marnen.org

<p><em>Heder of comment</em> bla bla comment.</p>

is what the browser really displays at the end and is the content of the
API response. It is composed of plain text content, which is “Heder of
comment bla bla comment.”, plus a few HTML tags “ ”.

Now, if I use my “Sanitize.clean” plugin method, I will display just the
plain text content unformatted, losing the paragraph spaces ( )
and emphasized text ( ).

I’d like a way to interpret those tags too, including them in the
final view.

thanks
luca

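
One way to keep only the `<p>` and `<em>` tags from the API response while escaping everything else, as an added example that is not code from the thread. It uses only Ruby's standard `cgi` library; `render_review_html` and `ALLOWED_TAGS` are hypothetical names, and the sample inputs are constructed.

```ruby
require 'cgi'

# Added example, not code from the thread. render_review_html and
# ALLOWED_TAGS are hypothetical names.
ALLOWED_TAGS = %w[p em].freeze

def render_review_html(raw, allowed = ALLOWED_TAGS)
  # Decode once (the response may or may not arrive entity-encoded), then
  # escape every character so nothing from the API is live markup.
  escaped = CGI.escapeHTML(CGI.unescapeHTML(raw.to_s))
  names = allowed.map { |t| Regexp.escape(t) }.join('|')
  open_tags = []
  # Re-enable only exact "<tag>" / "</tag>" tokens; a tag carrying any
  # attribute does not match and stays escaped.
  out = escaped.gsub(%r{&lt;(/?)(#{names})&gt;}i) do
    closing = !$1.empty?
    name = $2.downcase
    if !closing
      open_tags.push(name)
      "<#{name}>"
    elsif open_tags.last == name
      open_tags.pop
      "</#{name}>"
    else
      '' # stray or mis-nested closing tag: drop it
    end
  end
  # Close anything left open so the review cannot restyle the rest of the page.
  out + open_tags.reverse.map { |t| "</#{t}>" }.join
end

if __FILE__ == $0
  # Constructed sample inputs.
  samples = [
    '&lt;p&gt;&lt;em&gt;Header of comment&lt;/em&gt; bla bla comment.&lt;/p&gt;',
    '<p onclick="x()">hi</p><script>x()</script>',
    '<em>unclosed emphasis'
  ]
  samples.each { |s| puts render_review_html(s) }
end
```

In a Rails view the built-in `sanitize` helper with a `:tags` allowlist serves the same purpose. On Rails 3 and later the string returned here would have to be marked `html_safe` before `<%= %>` renders it as markup.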