I have a search function that searches a list of items. My search returns results from a simple GET request. On the page, I would like to display to the user their query. In my controller I can retrieve their query like this:
def search
#query = params[:query]
end
In my view, if I simply place <%= #query %> in the HTML this would possibly create a XSS vulnerability. How can I sanitize this parameter for use in a view?
Is this what you need? https://edgeapi.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html
<%= sanitize(#query) %>
Related
I am using Ransack to search on some data, however, what I'm finding is that the sorting is not maintained after a search. It reverts back to the default sort specified in my controller.
The scenario is: I sort by a column, let's say Revenue, and then perform a search, the sorting on revenue is removed and it goes back to the default sort I set in the controller.
Here is my controller code:
def index
#q = Product.ransack(params[:q])
#q.sorts = 'start_date desc' if #q.sorts.empty?
#products = #q.result.page(params[:page]).per(30)
end
My understanding of the code if sorts.empty? was that this default sorting would not be applied if I had already sorted something. Is this not the case?
Thanks!
The best solution I found for this is by adding the :s field manually to the search form using a hidden field:
<%= search_form_for(#q, url: search_url) do |f| %>
<%= f.hidden_field :s, value: params[:q].try(:[], :s) %>
<%= f.text_field :foo_eq %>
<% end %>
By doing that the :s field always gets updated with the correct params when rendering the search form. It does not work when not setting the value manually because #q.s is an alias for #q.sorts which returns an object instead of sort string.
I have a search form in the header of my app and I would like to use this search form to search through multiple models within the application.
For example a request like /search?q=rails should trigger a search through multiple models like Work, Project, User and their defined attributes. I wanted to use Ransack because I already use it on the Work model in a different area of the app.
I think I don't quite understand Ransack yet and the documentation always points out that you have to define #q = MyModel.search(params[:q]) to use it in the form search_form_for #q. Is there a way where you don't have to define a specific model in advance? And just pass in the parameter name like search_form_for :q?
Okay, after asking the question the answer popped into my head.
Instead of the search_form_for helper I'm now just using the form_tag helper in the following way:
<%= form_tag search_path, method: :get do %>
<%= text_field_tag :q, params[:q] %>
<%= end %>
and in the search action I just do:
q = params[:q]
#works = Work.search(name_cont: q).result
#projects = Project.search(name_cont: q).result
#users = User.search(name_cont: q).result
This works for me. I hope this also helps someone else.
I am attempting to create a search form, the search is performed on third party site so there is no model just a controller. I have it set up as follows
views/items/index.html.haml :
= search_field :search, :search_input
= submit_tag 'Search'
views/items/search.html.haml:
-#items.each do |item|
%h1= item.title
controllers/items_controller.rb:
def index
#I am unsure of what to put in here? I think
#I need something wich sends #search_input to my search method
end
def search
#items = some_third_party_search_method_i_wrote{ params[:search_input]}
end
How does one properly use the params object in rails? I don't understand how to get from the index page containing the search form to the search page containing the results of the search input?
You probably want to use search_field_tag instead since your form isn't tied to a model/object:
= search_field_tag :search_input
Then params[:search_input] should work.
I am working a simple rails app and i would like to know how possible it is to use one search form to search inside multiple models. like i have a story model and a book model. this search form should be able to search the both models with a single parameter.
<%= for_tag :url => search_path %>
<%= text_field_tag :q %>
<% end %>
How can i make this search from work for multipple models
Whatever search you need to do, is done inside an action in a controller. You could basically create a controller, say search_controller and have an action say, item
def item
if params[:q]
#found_stories = Story.find_all_by_...(params[:q])
#found_books= Book.find_all_by_...(params[:q])
end
end
Then you could use the objects #found_stories and #found_books in your view to show the search results.
This is just an example of how you could do to fulfill your requirement.
Thanks.
My rails app gets the following JSON feed from mixcloud and sticks the results into my index page
At the moment when I do this, the entire contents of my feed are displayed unformatted in one big blob of scary looking text (without the curly JSON brackets)
I only want to display specific values from the feed in the view.
From the feed in question lets say for simplicity that I just wanted to display all values with a key of "url"
In case I'm doing something wrong here's my code:
# podcast controller
def index
# I'm using a class method to get the feed
#feed = Podcast.feed
end
# podcast model
def self.feed
feed = JSON.parse(open("http://api.mixcloud.com/alivefrommaryhill/feed").read)
end
# index.html.haml
.feed
= #feed
I can't figure out how to style the results and display only certain items from the feed. Is my approach wrong?
I've done something similar using HTTParty and Hashie gems.
This example loops through the first 10 results:
#controller
def index
#result = Hashie::Mash.new HTTParty.get("http://api.mixcloud.com/alivefrommaryhill/feed")
end
#index.html
<% #result.data[0..10].each do |e| %>
<%= e.url %>
<br/>
<% end %>
If you wanted the 'small pictures' you would do
<% #result.data[0..10].each do |e| %>
<%= e.from.pictures.small %>
<br/>
<% end %>
Hope this helps :-)
Instead of writing the json directly to your view, maybe you could write a clientside javascript function that converts the json into html markup. For, example, maybe use jquery like described here? Best way to display data via JSON using jQuery
Or, similarly, you could still write the json directly in your view, but write it out as the value to a javascript variable instead of writing it as html. Then you could write a javascript function that reads and parses the javascript variable after the page loads, converts it to html, and inserts into the DOM. This method would be similar to the answer in the link above, except you wouldn't have to make a ajax request, you can simply process the data since it will already be available locally in a js var.