Convert html entities? Just use html_safe?


I’m importing lots of products via XML. Some characters like the Swedish
, are encoded as å for instance. When I print it I just append
.html_safe to make it appear correct.

Is this a good and safe approach or should I convert the characters in
another way?

It depends.

If the strings are entered by the user, you should stay away from using
html_safe because you open your application to HTML injection attacks.

If the strings come from a trusted source, it is OK to use html_safe.

On Dec 18, 5:50pm, Linus P. [email protected]
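
An added example, not part of the original thread: instead of marking imported strings as html_safe, the entities can be decoded to plain text once at import time and the normal output escaping left in place, so any markup in the feed is rendered inert. The names `NAMED_ENTITIES`, `decode_entities` and `safe_product_name` are hypothetical, and the entity table is a small constructed subset.

```ruby
require "erb"

# Constructed subset of named entities; a real import needs a fuller table.
NAMED_ENTITIES = {
  "aring" => "å", "Aring" => "Å", "auml" => "ä", "Auml" => "Ä",
  "ouml" => "ö", "Ouml" => "Ö", "amp" => "&", "lt" => "<",
  "gt" => ">", "quot" => '"', "apos" => "'"
}.freeze

# Decimal reference, hex reference, or named entity.
ENTITY_PATTERN = /&(?:#(\d+)|#[xX](\h+)|(\w+));/

# Turn a numeric reference into a character; keep the original text
# when the code point is not valid UTF-8 (surrogates, out of range).
def codepoint_or_original(codepoint, original)
  codepoint.chr(Encoding::UTF_8)
rescue RangeError
  original
end

# Decode entities exactly once, producing plain text (not HTML).
# Unknown named entities are left untouched.
def decode_entities(text)
  text.gsub(ENTITY_PATTERN) do
    m = Regexp.last_match
    if m[1]
      codepoint_or_original(m[1].to_i, m[0])
    elsif m[2]
      codepoint_or_original(m[2].to_i(16), m[0])
    else
      NAMED_ENTITIES.fetch(m[3], m[0])
    end
  end
end

# Decode first, then escape for HTML output. A Rails view does the
# escaping step itself for any string that is not marked html_safe.
def safe_product_name(raw)
  ERB::Util.html_escape(decode_entities(raw)).to_s
end

# Constructed sample values standing in for product names from the XML feed.
puts safe_product_name("Sm&aring;land")
puts safe_product_name("R&ouml;d <script>alert(1)</script>")
```

In a Rails view, `<%= decode_entities(product_name) %>` gives the same result, because the decoded string is not marked html_safe and is escaped on output.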