How to execute Ruby code in html content - ruby-on-rails

I have html content that store in table. In that content I want to pass some ruby code
for example
temp = "<html><head>...</head><body>... <%= #something %> ...</body></html>"
then after I use temp.html_safe or raw temp
but #something is not printing
How can I do this ?
Please Help me

Just doing #temp = "<p>... #{#something} ...<p>" in your code and then in your view <%= #temp.html_safe %> should be enough.

This sort of functionality could get you in some dangerous waters. What if someone compromises your database, edits the code in that record to do something destructive, and then executes that code through your application?
You should look at using Liquid instead of executing ERB directly. (Also take a look at the accompanying Railscast.)

Related

Ruby-on-Rails : how to display all "rake:about" data inside a Rails view?

I would like to display the output of "rake:about" inside a Rails view.
Or all equivalent data into a view.
Is it feasible ?
rake about is merely outputting the value of Rails::Info.to_s to stdout. You can thus use this data directly from Rails without invoking rake (neither inline nor via a shellout):
<%= Rails::Info.to_s %>
Since the data is intended for display in a text console, it is not directly suitable for HTML output. You can make it more readable by requesting HTML output with
<%= raw Rails::Info.to_html %>
or by just wrapping the whole block in <pre> tags so that it is shown similar to how it would look on the console:
<pre>
<%= Rails::Info.to_s %>
</pre>
Finally, if you want to format the details yourself, you can get the raw properties shown by Rails::Info as an array of arrays with
Rails::Info.properties
You can use Backticks to execute system command. So inside view it would look like:
<%= `rake about` %>

Rails 4: how to insert line breaks in text_area?

I have created a blog in rails. I'm a beginner and got quite far, but now I'm stuck with a seemingly minor detail: I can't seem to format the posts (articles).
Here's the relevant part of my show.html.erb:
<p>
<strong>Content:</strong>
<%= simple_format (#article.content) %>
</p>
When I write something and insert html-tags, they are not recognized as such. What am I doing wrong?
Rails will automatically remove html tags to prevent someone from injecting code into your webpage (e.g. malicious javascript)
If your users cannot enter data into #article.content and it's always safe then you can flag it as safe usng the html_safe method.
<%= (simple_format (#article.content)).html_safe %>
Can you post the article content for reference? If I had to guess, I'd imagine Rails is escaping the html tags and inserting them as plain text (so the output looks like: Article content !
Take a look at Rails' helper methods like content_tag (http://apidock.com/rails/ActionView/Helpers/TagHelper/content_tag) and concat (http://apidock.com/rails/ActionView/Helpers/TextHelper/concat) and consider using those to help with generating the appropriate html tags.
An issue to be concerned with is who's going to be supplying the content. For example, if you're writing an application that other people will use, you want to make sure any html give you is escaped to avoid XSS attacks. In that case, you'll want to spend some time reading about how to properly sanitize user input.
You can now specify the tag it gets wrapped in (defaults to p) like so:
<%= simple_format (#article.content, {}, wrapper_tag: "div") %>
or
add white-space: pre-line style.
It will display \r or \n (enter) in user input as a new line.
for more info:
http://apidock.com/rails/v4.0.2/ActionView/Helpers/TextHelper/simple_format

Rails - File path to load content from a yaml file

I'm have a variety of text files with static long form text as content. Right now I am storing them in a separate "content" file in the config folder. For instance "../config/content/content1.yml" "../config/content/content2.yml" and so on.
I would like to string these files together in my application. So in my controller I have variables that attempt to pull the content of each file, for example
#content1 = YAML.load_file("#{Rails.root}/app/config/content/content1.yml")
#content2 = YAML.load_file("#{Rails.root}/app/config/content/content2.yml")
I then try load that variable into my view with
<%= #content1 %>
<%= #content2 %>
This and everything else I've tried doesn't seem to work though. I'd really just like to get the text to display in my view. Any help to point me in the right direction would be much appreciated. I'm very noobish with rails still.
I don't know why you don't want to store this data in DB, but lets describe what you need using only views.
According to comments that what you need are partials.
Example:
Lets have file app/views/content/editor1/paragraph1.html:
Example paragraph
Then in your view you can render this using:
<%= render partial: 'content/editor1/paragraph1' %>

Rails - Outputting content, sanitize or <%=h?

I recently made a small rails3 app to convert an old cms written in another language. After migrating the content I am having problems outputting content from the database.
The #content.desc field sometimes has html. Currently the only way I could get it to work was:
<%= sanitize content.desc %>
But is this the best way? When I use <%=h #content.desc %> I can see the html tags still. When I use <%= simple_format #content.desc %> I get wicked spacing.
Is there a definitive guide somewhere where I can see all of the options while outputting content? I've tried to search but can't turn anything up (rails newb, i know).
Any string not marked as "safe" will be HTML-escaped by default in Rails 3. Some methods, such as sanitize, h, link_to and many other helpers return safe strings, thus allowing them to be written literally. See this blog post for more info.
If you know for sure that the HTML contained in #content.desc is safe, you can mark it as such yourself like so: <%= #content.desc.html_safe %>.
Rails 3 has changed HTML sanitisation to be enabled by default. If you're sure that the string you're rendering is safe, you can use
<%= #content.desc.html_safe! %>
Unless I'm mistaken, you shouldn't have to sanitize the content before displaying it, as Rails 3 does that by default. More info here: http://yehudakatz.com/2010/02/01/safebuffers-and-rails-3-0/

removing the xml tags in ruby on rails

I am reading data from an xml doc and placing it on a web page using rails and REMXL. I use
#description1=XPath.match( xmldoc, "////description" )
to get the info into an array and just loop through in my view. However when using
<%= h(#description1[k]) %>
so it looks like
<description>fuzzy slippers</description>
on the web page. Is there a good way of removing the tags?
Thanks
The xpath you are using will return a set of nodes. To get only the content, use:
#description1 = XPath.match(xmldoc, "////description/text()")
You might want to look into httparty: http://github.com/jnunemaker/httparty
Did you try
<%= h(#description1[k].text) %>
What does it show?

Resources