Html safe and <%=h

Hi all,

This is kinda a noob question. Can someone please explain what html
safe mean, and what the function h in rails do and what are the best
times to use it. Even links will be helpful but i am doubtful if any
good explanations exists because i did a little search on couldn’t get
more info.

I know that <%=h tries to make the whatever we are writing to the web
page as html safe by stripping out all the html tags. Does this
include all the tags also??

thanks in advance.

suman

On Apr 24, 10:05 am, Suman G. [email protected] wrote:
[…]

I know that <%=h tries to make the whatever we are writing to the web
page as html safe by stripping out all the html tags. Does this
include all the tags also??

Well, is an HTML tag, isn’t it?

Anyway, it’s not quite true that h removes HTML tags. Rather, what it
does is escape characters that have a special meaning in HTML, so that
“” will become “<tag>”.

thanks in advance.

suman

Best,

Marnen Laibow-Koser
http://www.marnen.org
[email protected]

Alright. And that is how the XSS attack is prevented.

Suman

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs