HTML in db columns


#1

I have some text columns where I would like many of the html commands
available. I can insert tags in the field with no problem and it stays
there. When I try to use the data like <%= @item.description %> I
lose several of the tags. They do not work. Particularly the
tags. The tags work along with font and color.

Are they being filtered out automatically?

I am on rails 2.2.2.

What do I need to do to get a column to display in the format
specified? Ultimately I want to use one of the wysiwyg editors on the
site, but if I cannot get the output to display, it is of no use.

Thank you

Don F.


#2

Don F. wrote:

I have some text columns where I would like many of the html commands
available. I can insert tags in the field with no problem and it stays
there. When I try to use the data like <%= @item.description %> I
lose several of the tags. They do not work. Particularly the
tags. The tags work along with font and color.

Are they being filtered out automatically?

Not at all - if you put raw text in you should get raw text out.
(Probably UTF-8…)

How long is your description field? If it’s not a TEXT blob, it might
truncate at 255.

What do your unit tests say about the description field, and the view it
constructs?

What do I need to do to get a column to display in the format
specified? Ultimately I want to use one of the wysiwyg editors on the
site, but if I cannot get the output to display, it is of no use.

We do it all the time.

But just today I could not get a
to display its freaking list-style-type: disc for anything. Both
Firefox and IE caught the bug. Maybe it’s a lunar phase thing, and you
caught it too!


Phlip


#3

The column is a text type. I get but not
The bullets are just left out.


#4

On Mon, Dec 15, 2008 at 5:45 AM, Don F. removed_email_address@domain.invalid wrote:

The column is a text type. I get but not
The bullets are just left out.

“bullets” are a visual attribute of OL/LI defined by the page’s CSS; are
you sure your style sheet isn’t overriding the default browser view, or
causing the bullets to be hidden by another element?

OTOH, if you can’t see the OL/LIs in a page via view source I think
you’ll need to post some code.


Hassan S. ------------------------ removed_email_address@domain.invalid


#5

The column is a text type. I get but not
The bullets are just left out.

It sounds to me like your HTML is getting sanitized somewhere, which is
actually a really good thing. Allowing raw HTML to be passed through from
an input (textfield, textarea, etc.) and then displayed without being
sanitized can lead to all sorts of security problems.

My recommendation would be to look into supporting Textile/Markdown in
your input textarea and make sure you are properly sanitizing your HTML.
Otherwise, you may leave yourself open to cross-site scripting or SQL
injection attacks.
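As an added illustration of the sanitizing step recommended in #5 (this is example code written for this thread, not the Rails sanitize helper or anything from the original posts): a small allow-list filter that keeps the list and formatting tags Don wants (ol, ul, li, b, font color) while dropping every other tag, every non-listed attribute such as onclick, and entity-escaping all text. The allow-list itself is an assumption chosen for the example; a real application would use the framework's own sanitizer.

```ruby
require 'erb'

# Allow-list: tag name => attributes permitted on that tag. Anything not
# listed (script, img, a, iframe, event handlers, style, href, ...) is removed.
# Constructed for this example; not the Rails sanitize helper's own list.
ALLOWED = {
  'ol' => [], 'ul' => [], 'li' => [], 'p' => [], 'br' => [],
  'b' => [], 'i' => [], 'strong' => [], 'em' => [],
  'font' => ['color'],
}.freeze

TAG_RE  = %r{\A<(/?)([A-Za-z][A-Za-z0-9]*)([^<>]*)>\z}
ATTR_RE = /([A-Za-z][\w-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/

# Rebuild one tag, keeping only allow-listed attributes; values are re-escaped
# and always emitted double-quoted so a value cannot break out of the attribute.
def clean_tag(closing, name, attrs)
  allowed_attrs = ALLOWED[name]
  return '' if allowed_attrs.nil?          # tag not on the list: drop it entirely
  return "</#{name}>" if closing == '/'   # closing tags never carry attributes
  kept = attrs.scan(ATTR_RE).map do |key, dq, sq, bare|
    value = dq || sq || bare
    next unless allowed_attrs.include?(key.downcase)
    "#{key.downcase}=\"#{ERB::Util.html_escape(value)}\""
  end.compact
  kept.empty? ? "<#{name}>" : "<#{name} #{kept.join(' ')}>"
end

# Sanitize untrusted HTML from a description column: allow-listed tags survive,
# all other tags vanish, and text (including any '<' that is not a well-formed
# tag) is entity-escaped. Entities already present get escaped again, which is
# the safe direction to err in.
def sanitize_html(html)
  html.split(%r{(</?[A-Za-z][^<>]*>)}).map do |token|
    if (m = TAG_RE.match(token))
      clean_tag(m[1], m[2].downcase, m[3])
    else
      ERB::Util.html_escape(token)
    end
  end.join
end

if __FILE__ == $0
  # Constructed sample resembling a description field edited with a WYSIWYG tool.
  desc = '<ol><li onclick="steal()">one</li></ol><font color=red>hi</font><script>alert(1)</script>'
  puts sanitize_html(desc)
end
```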