Escaping characters in controller

Domas_S · November 22, 2006, 2:18pm

How can I escape characters in controller?
I mean replacing ‘"’ to ‘&quot’, ‘&’ to ‘&’ and so on?

Domas_S · November 22, 2006, 4:18pm

On 11/22/06, Domas S. [email protected] wrote:

How can I escape characters in controller?
I mean replacing ‘"’ to ‘&quot’, ‘&’ to ‘&’ and so on?

The way I used to do it was include the helper module that defined
‘html_escape’, or the alias method ‘h’, then they became available.

What’s strange here is html_escape is nowhere to be found on
http://api.rubyonrails.com/

Am I missing something, or is it too early, or both?!

–

Chris M.
Web D.
Open Source & Web Standards Advocate

Domas_S · November 22, 2006, 4:32pm

On Nov 22, 2006, at 2:15 PM, Domas S. wrote:

How can I escape characters in controller?
I mean replacing ‘"’ to ‘&quot’, ‘&’ to ‘&’ and so on?

Just in case, it is a bit suspicious to escape data in the
controller, normally is the view who knows whether it needs to apply
anything to the raw data to have it displayed correctly. If the view
is rhtml that is a call to h().

Why do you need that?

– fxn

Domas_S · November 22, 2006, 5:13pm

I have a class that generates flash object html declaration. The class
instance is created in controller and passed to view where it ouputs
html code using to_html method. So I though about initializing my
class using already escaped data. Of course I could do escaping in the
class itself, but I wanted to know if there’s a standard way to do it.

To Chris:
html_escape is in file erb.rb, thanks for hint.

Domas_S · November 22, 2006, 5:33pm

On 11/22/06, Domas S. [email protected] wrote:

To Chris:
html_escape is in file erb.rb, thanks for hint.

Nice.
I still could’ve sworn that these methods used to be listed in the
method list in the docs.

Can anyone shed some light on why they’re not anymore?
Or tell me I’m crazy, and they were never there in the first place.

–

Chris M.
Web D.
Open Source & Web Standards Advocate

Domas_S · November 22, 2006, 5:45pm

On Nov 22, 2006, at 5:11 PM, Domas S. wrote:

I have a class that generates flash object html declaration. The class
instance is created in controller and passed to view where it ouputs
html code using to_html method. So I though about initializing my
class using already escaped data. Of course I could do escaping in the
class itself, but I wanted to know if there’s a standard way to do it.

You can have them available anywhere mixin the module from Action
View where the helper you need is defined.

Having said that, with the given information I’d say that generator
would receive normal strings, and encode them as needed for #to_html.
To do that the class would mixin ERB::Util, which is the module that
provides html_escape in RHTML templates.

– fxn