Text not rendering as html

Hi,

I initially posted this in the Rails Deployment section by accident.

I have set up TinyMCE as an inkine javascript text editor on my text
areas, but when I open show.html.erb it renders out, for example, bold
tags as “Get” in the actual browser as opposed to
“Get”.

Can someone please shed some light on this?

This is in my ‘notes’ controller…

def show
@note = Note.find(params[:id])

respond_to do |format|
  format.html # show.html.erb
  format.xml  { render :xml => @note }
end

end

Thanks in advanced.
C

Does your show.html.erb have:

<%=h …stuff… %>

If so, you need to remove the h. Let me know! :slight_smile:

~Dustin T.

On Jul 26, 11:09 am, Clinton Beattie <rails-mailing-l…@andreas-

Hi Dustin,

Yeah it did include the “h” and a I removed it and it worked. THANKS!!!

Why did this work and what was the “h” for. Bit of a newbie.

Hey Clinton,
I’m glad that solved your problem. I as well am a Rails newbie and
hitting a dead end is no fun. The ‘h’ as I recall stands for ‘helper’.
It sterilizes the output for possibly harmful code. That’s why you
would see get instead of just ‘get’.

Good luck on your projects!

~Dustin T.

On Jul 26, 12:19 pm, Clinton Beattie <rails-mailing-l…@andreas-

Clinton Beattie wrote:

Hi Dustin,

Yeah it did include the “h” and a I removed it and it worked. THANKS!!!

Why did this work and what was the “h” for. Bit of a newbie.

Be aware that you just opened your Rails app up to XSS attacks. By
allowing HTML and turning off filtering, you’ve allowed users to post
arbitrary HTML which can do anything from mess up the formatting of the
site to steal session cookies. This might not be a problem if the only
users who can write to this model are trusted users, but it’s something
to keep in mind for the future.

This is one of the advantages of a markup language like RedCloth. You
can filter HTML and still allow users to post content with markup.
Though, RedCloth itself can be used for other malicious things but its
impact is limited.


Michael M.
Guide to Ruby
http://ruby.about.com/
Become an About.com Guide: beaguide.about.com
About.com is part of the New York Times Company

Thanks for that advice.

For the time being it’s okay, I think, as this is for a Admin area and
the users will be clients.

Best,
C

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs