Escaping html?


I have a wysiwyg html editor in my app. How do I escape html written to
the database and encode it when I display the content?


I’m not sure if I understand your question. However, if you want to
display literally (not rendered) the actual html that was stored in
the database then use the ‘h’ helper method to sanitize/escape it like

This displays it literally without rendering the html (sanitized)
<%= h @myhtmlcontent %>

or this renders the html inline
<%= @myhtmlcontent %>

Hope that helps,

Jeff B.

Tx Jeff

I want to store the html in the database and display it inline. I am
using the tinymce plugin to do the wysiwyg, store it in the database and then
it displays as bold text instead of inline.

Maybe I should use the ‘h’ helper when I store?

Anyway - I will play around a bit.


Tx Jeff

Will give it a bash and post my experience.

Stuck in authentication at the mo!



OK. So if you want it to render inline you would do something like

<%= @mycontent %>

but, maybe the reason it isn’t working for you is because what is
ending up being saved in the database is already escaped like < is
saved as &lt; > is &gt;…

So you may need to unescape the html either before you save it or
before you output it. You can use the CGI class to do this

require 'cgi'
unescaped = CGI::unescapeHTML( escapedHtml )

Hope that helps,
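
An added example, not part of the thread or of any poster's code: HTML from a WYSIWYG editor that is rendered inline runs in every viewer's browser, so it should pass through an allowlist before output. This stdlib-only Ruby code undoes accidental escape-on-store (the symptom discussed above), escapes everything, then restores only attribute-free formatting tags. `ALLOWED_TAGS`, `normalize_stored` and `render_inline` are hypothetical names; in a Rails app the built-in `sanitize` helper is the usual tool for this job.

```ruby
require 'cgi/escape' # stdlib: CGI.escapeHTML / CGI.unescapeHTML

# Hypothetical allowlist: formatting tags only, never with attributes.
ALLOWED_TAGS = %w[b i em strong u p br ul ol li].freeze
ALLOWED_RE = %r{&lt;(/?)(#{ALLOWED_TAGS.join('|')})(?:\s*/)?&gt;}i

# Undo escaping that was applied before storage (the symptom in the thread).
# Assumption: stored entities are an accident of escape-on-write; the cap
# keeps the loop bounded if content was escaped more than once.
def normalize_stored(html, max_passes = 2)
  max_passes.times do
    decoded = CGI.unescapeHTML(html)
    break if decoded == html
    html = decoded
  end
  html
end

# Escape everything, then restore only allowlisted tags with no attributes.
# Anything else (script tags, event handlers, links) stays inert text.
def render_inline(stored)
  escaped = CGI.escapeHTML(normalize_stored(stored))
  escaped.gsub(ALLOWED_RE) do
    "<#{Regexp.last_match(1)}#{Regexp.last_match(2).downcase}>"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not taken from the thread.
  [
    '<b>bold</b> text',
    '&lt;b&gt;bold&lt;/b&gt; text',
    '<p>hi<br /></p><script>alert(1)</script>',
    '<b onclick="x()">hi</b>'
  ].each { |s| puts "#{s.inspect}\n  => #{render_inline(s)}" }
end
```

Unescaping stored content turns text that was typed as literal entities into markup candidates, which is why the escape-and-allowlist step always runs after it. Store the editor's HTML unmodified and apply `render_inline` only at display time.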

