<%=h...%>

In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.

Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?

Thanks.

Abder-Rahman A. wrote:

In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.

Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?

Thanks.

Hi,

I know the use of <%=h…%> is to show the html tags:

Consider the following example:

@a= “hi how are
you.”

<%= @a %>
#=> hi how are
you.

<%=h @a %>
#=> hi how are
you.

Regards,

Saurabh

On 21 Jul 2010, at 01:56, Abder-Rahman A. wrote:

In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.

Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?

h is short for html_escape. You’re probably end up using it nearly every
time you display user entered data (or you may be at the risk of xss
attacks). From rails 2.3.8 there’s a different way of handling this -
strings have a notion of whether they are safe or not

Fred

Frederick C. wrote:

On 21 Jul 2010, at 01:56, Abder-Rahman A. wrote:

In the “Head First Rails” book, it mentions that “h” in <%=h…%> is a
helper method.

Can someone describe what that means? And, when should I use <%=h…%>?
Is it when I want the result to be displayed on my view for example?

h is short for html_escape. You’re probably end up using it nearly every
time you display user entered data (or you may be at the risk of xss
attacks). From rails 2.3.8 there’s a different way of handling this -
strings have a notion of whether they are safe or not

Fred

Thanks a lot everyone for your replies.

Fred, can you just clarify?

  • html_escape
  • XSS attacks

Thanks a lot.

On Jul 21, 9:37 am, Abder-Rahman A. [email protected] wrote:

Fred, can you just clarify?

  • XSS attacks

that’s a huge topic - http://lmgtfy.com/?q=XSS+attacks

Fred

Frederick C. wrote:

On Jul 21, 9:37�am, Abder-Rahman A. [email protected] wrote:

Fred, can you just clarify?

  • XSS attacks

that’s a huge topic - http://lmgtfy.com/?q=XSS+attacks

Fred

Thanks Fred.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs