Html safe and <%=h


#1

Hi all,

This is kind of a noob question. Can someone please explain what html
safe means, what the function h in rails does and what the best
times to use it are. Even links will be helpful, but I am doubtful any
good explanations exist because I did a little search and couldn’t get
more info.

I know that <%=h tries to make whatever we are writing to the web
page html safe by stripping out all the html tags. Does this
include all the tags also??

thanks in advance.

suman


#2

On Apr 24, 10:05 am, Suman G. removed_email_address@domain.invalid wrote:
[…]

I know that <%=h tries to make whatever we are writing to the web
page html safe by stripping out all the html tags. Does this
include all the tags also??

Well, is an HTML tag, isn’t it?

Anyway, it’s not quite true that h removes HTML tags. Rather, what it
does is escape characters that have a special meaning in HTML, so that
“” will become “<tag>”.

thanks in advance.

suman

Best,

Marnen Laibow-Koser
http://www.marnen.org
removed_email_address@domain.invalid
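To make Marnen's point concrete, here is an added example that is not from this thread: a spelled-out version of what Rails' h (ERB::Util.html_escape) does, checked against the real helper, plus two tiny ERB templates (the template and method names are mine) rendering a constructed comment with and without h.

```ruby
require 'erb'
include ERB::Util # gives this script the h helper (alias of html_escape), as Rails views have

# The five characters with special meaning in HTML and the entities h replaces them with.
HTML_ESCAPES = {
  '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;'
}.freeze

# Spelled-out equivalent of h: nothing is stripped, each special character is replaced.
def escape_html(text)
  text.to_s.gsub(/[&<>"']/, HTML_ESCAPES)
end

# Two ERB templates for a user-supplied comment: one without h, one with it.
UNSAFE_TEMPLATE = ERB.new('<p class="comment"><%= body %></p>')
SAFE_TEMPLATE   = ERB.new('<p class="comment"><%=h body %></p>')

def render_unsafe(body)
  UNSAFE_TEMPLATE.result(binding) # body is interpolated into the page as raw markup
end

def render_safe(body)
  SAFE_TEMPLATE.result(binding)   # body goes through h first, so it renders as text
end

# Constructed sample input: a comment that tries to put a tag into the page.
COMMENT = %q{Tom & "Jerry" <script>alert('x')</script>}

if __FILE__ == $0
  puts escape_html('<tag>')               # &lt;tag&gt;
  puts escape_html(COMMENT) == h(COMMENT) # true: identical to what Rails' h produces
  puts render_unsafe(COMMENT)             # the <script> element reaches the browser as a tag
  puts render_safe(COMMENT)               # the browser shows the text and executes nothing
  puts escape_html('&lt;b&gt;')           # &amp;lt;b&amp;gt; : applying h twice double-escapes
end
```

The last line is the caveat that goes with "when to use it": h is safe to apply to any untrusted string, but applying it to text that was already escaped garbles it, so escape once, at output time.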


#3

Alright. And that is how the XSS attack is prevented.

Suman