In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.
Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?
Thanks.
Abder-Rahman A. wrote:
In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.
Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?
Thanks.
Hi,
I know the use of <%=h…%> is to show the html tags:
Consider the following example:
@a= “hi how are
you.”
<%= @a %>
#=> hi how are
you.
<%=h @a %>
#=> hi how are
you.
Regards,
Saurabh
On 21 Jul 2010, at 01:56, Abder-Rahman A. wrote:
In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.
Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?
h is short for html_escape. You’ll probably end up using it nearly every
time you display user entered data (or you may be at risk of XSS
attacks). From Rails 2.3.8 there’s a different way of handling this -
strings have a notion of whether they are safe or not
Fred
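An added example, not part of the original thread: the same user-entered string rendered with and without `h`, using plain ERB from Ruby's standard library outside Rails. `CommentView`, `SAMPLE_COMMENT` and `escape_twice` are hypothetical names, and the input is constructed.

```ruby
require "erb"

# Constructed sample of "user entered data" (not from the thread).
SAMPLE_COMMENT = %q{<script>alert("xss")</script>}

# Hypothetical view object; including ERB::Util provides the `h` helper
# (an alias of html_escape) to templates evaluated in its binding.
class CommentView
  include ERB::Util

  RAW_TEMPLATE     = ERB.new("<p><%= @comment %></p>")
  ESCAPED_TEMPLATE = ERB.new("<p><%=h @comment %></p>")

  def initialize(comment)
    @comment = comment
  end

  # Markup in the comment reaches the page unchanged, so a browser would
  # parse it as HTML and run any script it contains.
  def render_raw
    RAW_TEMPLATE.result(binding)
  end

  # &, <, > and double quotes become entities, so the browser displays
  # the comment as text instead of interpreting it.
  def render_escaped
    ESCAPED_TEMPLATE.result(binding)
  end
end

# Escaping an already-escaped string corrupts what the user sees,
# because the & of each entity is escaped again.
def escape_twice(text)
  ERB::Util.html_escape(ERB::Util.html_escape(text))
end

view = CommentView.new(SAMPLE_COMMENT)
puts view.render_raw
puts view.render_escaped
puts escape_twice("<b>")
```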
Frederick C. wrote:
On 21 Jul 2010, at 01:56, Abder-Rahman A. wrote:
In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.
Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?
h is short for html_escape. You’ll probably end up using it nearly every
time you display user entered data (or you may be at risk of XSS
attacks). From Rails 2.3.8 there’s a different way of handling this -
strings have a notion of whether they are safe or not
Fred
Thanks a lot everyone for your replies.
Fred, can you just clarify?
Thanks a lot.
On Jul 21, 9:37 am, Abder-Rahman A. wrote:
Fred, can you just clarify?
- html_escape
ERB::Util
- XSS attacks
that’s a huge topic - LMGTFY - Let Me Google That For You
Fred
Frederick C. wrote:
On Jul 21, 9:37 am, Abder-Rahman A. wrote:
Fred, can you just clarify?
- html_escape
ERB::Util
- XSS attacks
that’s a huge topic - LMGTFY - Let Me Google That For You
Fred
Thanks Fred.