<%=h...%>

In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.

Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?

Thanks.

Abder-Rahman A. wrote:

In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.

Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?

Thanks.

Hi,

I know the use of <%=h…%> is to show the html tags:

Consider the following example:

@a= “hi how are
you.”

<%= @a %>
#=> hi how are
you.

<%=h @a %>
#=> hi how are
you.

Regards,

Saurabh

On 21 Jul 2010, at 01:56, Abder-Rahman A. wrote:

In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.

Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?

h is short for html_escape. You’ll probably end up using it nearly every
time you display user-entered data (or you may be at risk of XSS
attacks). From Rails 2.3.8 there’s a different way of handling this -
strings have a notion of whether they are safe or not.

Fred
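Added example (not part of the original thread and not Fred's code): the same constructed user comment rendered with `<%= %>` and with `<%=h %>`, using Ruby's standard ERB library outside Rails. `View`, `SafeString` and `auto_escape` are hypothetical names; `SafeString` only illustrates the idea of a string that knows whether it is safe and is not Rails' own implementation.

```ruby
require "erb"

# Constructed sample: a comment exactly as a user might submit it.
USER_COMMENT = "<b>hi</b> & <script>alert(1)</script>"

RAW_TEMPLATE     = "<p><%= @comment %></p>"   # value inserted as-is
ESCAPED_TEMPLATE = "<p><%=h @comment %></p>"  # value passed through h first

class View
  include ERB::Util # supplies html_escape and its short alias h

  def initialize(comment)
    @comment = comment
  end

  # Evaluate the template with this object's instance variables and helpers.
  def render(template)
    ERB.new(template).result(binding)
  end
end

# Hypothetical marker class: a string the application has declared safe.
class SafeString < String; end

# Hypothetical helper: escape everything unless it is flagged as safe.
def auto_escape(value)
  value.is_a?(SafeString) ? String.new(value) : ERB::Util.html_escape(value)
end

if __FILE__ == $PROGRAM_NAME
  view = View.new(USER_COMMENT)
  puts view.render(RAW_TEMPLATE)     # markup reaches the browser as markup
  puts view.render(ESCAPED_TEMPLATE) # markup is shown as literal text
  puts auto_escape("<i>note</i>")
  puts auto_escape(SafeString.new("<i>note</i>"))
end
```

With the raw template the browser would interpret the submitted tags; with `h` they arrive as `&lt;`, `&gt;` and `&amp;` entities and are displayed as text.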

Frederick C. wrote:

On 21 Jul 2010, at 01:56, Abder-Rahman A. wrote:

In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.

Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?

h is short for html_escape. You’ll probably end up using it nearly every
time you display user-entered data (or you may be at risk of XSS
attacks). From Rails 2.3.8 there’s a different way of handling this -
strings have a notion of whether they are safe or not.

Fred

Thanks a lot everyone for your replies.

Fred, can you just clarify?

  • html_escape
  • XSS attacks

Thanks a lot.

On Jul 21, 9:37 am, Abder-Rahman A. wrote:

Fred, can you just clarify?

  • XSS attacks

that’s a huge topic - LMGTFY - Let Me Google That For You

Fred

Frederick C. wrote:

On Jul 21, 9:37 am, Abder-Rahman A. wrote:

Fred, can you just clarify?

  • XSS attacks

that’s a huge topic - LMGTFY - Let Me Google That For You

Fred

Thanks Fred.