Magic Quotes in Ruby?


#1

(I thought I posted this question just a bit ago but I can’t find it
now. Sorry if this is a double-posting)

I have some strings in a CGI script of mine that will sometimes contain
double-quotation marks (""). These behave normally when I use them
directly (i.e., puts str will return a string that contains quotes just
fine), but misbehave when I try to concatenate them with other strings
(i.e., puts str + “other stuff”).

I’ve seen this sort of “magic quotes” problem in other languages, but
I’m having a lot of trouble getting this to work. I’ve tried several
variations on gsub, as well as a couple of other things, but none seem
to work.

Is there a way to work around this?


#2

Nathan O. wrote:

(I thought I posted this question just a bit ago but I can’t find it
now. Sorry if this is a double-posting)

I have some strings in a CGI script of mine that will sometimes contain
double-quotation marks (""). These behave normally when I use them
directly (i.e., puts str will return a string that contains quotes just
fine), but misbehave when I try to concatenate them with other strings
(i.e., puts str + “other stuff”).

I’m not seeing this:
irb(main):004:0> s = “ab"c”"
=> “ab"c”"
irb(main):005:0> puts s
ab"c"
=> nil
irb(main):006:0> puts s + “other stuff”
ab"c"other stuff
=> nil
irb(main):007:0>

I’ve seen this sort of “magic quotes” problem in other languages, but
I’m having a lot of trouble getting this to work. I’ve tried several
variations on gsub, as well as a couple of other things, but none seem
to work.

Is there a way to work around this
I’m guessing this is really an escaping problem. You’re trying to
generate html without doing any escaping? Try viewing the source of
your generated page – the quotes are no doubt all there just as you
output them, but they’re probably interfering with html attributes.

Luke


#3

Luke B. wrote:

I’m guessing this is really an escaping problem. You’re trying to
generate html without doing any escaping? Try viewing the source of
your generated page – the quotes are no doubt all there just as you
output them, but they’re probably interfering with html attributes.

Well, I’m glad you’re paying attention to the obvious things, because I
don’t seem to!

Yes, it’s an HTML escaping problem. Hmm… this might take a while to
clear up.


#4

Not really - use CGI.escapeHTML(str) and you are all set.