<%=h...%>

swengineer · July 21, 2010, 2:56am

In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.

Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?

Thanks.

swengineer · July 21, 2010, 6:55am

Abder-Rahman A. wrote:

In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.

Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?

Thanks.

Hi,

I know the use of <%=h…%> is to show the html tags:

Consider the following example:

@a= “hi how are
you.”

<%= @a %>
#=> hi how are
you.

<%=h @a %>
#=> hi how are
you.

Regards,

Saurabh

swengineer · July 21, 2010, 9:12am

On 21 Jul 2010, at 01:56, Abder-Rahman A. wrote:

In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.

Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?

h is short for html_escape. You’re probably end up using it nearly every
time you display user entered data (or you may be at the risk of xss
attacks). From rails 2.3.8 there’s a different way of handling this -
strings have a notion of whether they are safe or not

Fred

swengineer · July 21, 2010, 10:37am

Frederick C. wrote:

On 21 Jul 2010, at 01:56, Abder-Rahman A. wrote:

In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.

Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?

h is short for html_escape. You’re probably end up using it nearly every
time you display user entered data (or you may be at the risk of xss
attacks). From rails 2.3.8 there’s a different way of handling this -
strings have a notion of whether they are safe or not

Fred

Thanks a lot everyone for your replies.

Fred, can you just clarify?

html_escape
XSS attacks

Thanks a lot.

swengineer · July 21, 2010, 10:57am

On Jul 21, 9:37 am, Abder-Rahman A. [email protected] wrote:

Fred, can you just clarify?

html_escape
http://api.rubyonrails.org/classes/ERB/Util.html#M000138

XSS attacks

that’s a huge topic - http://lmgtfy.com/?q=XSS+attacks

Fred

swengineer · July 21, 2010, 11:02am

Frederick C. wrote:

On Jul 21, 9:37ï¿½am, Abder-Rahman A. [email protected] wrote:

Fred, can you just clarify?

html_escape
http://api.rubyonrails.org/classes/ERB/Util.html#M000138

XSS attacks

that’s a huge topic - http://lmgtfy.com/?q=XSS+attacks

Fred

Thanks Fred.