I am using the Rinku rails gem to make URLs linked in any content posted on my website.
I've installed and implemented it but the problem is that the HTML code shows in the view.
Here's a code that I'm using
<%= truncate(Rinku.auto_link(feed_item.content), :length=>400, :omission=>' ...(next page)') %>
Here's a sample output view on my website
hey guys check out my website at www.someURL.com
As you can see, the HTML <a> tags show. What does feed_item.content should be change to for this to work correctly?
Feed_item.content is a text, not a string. It appears that Rinku parses string. Is that the cause of the issue?
The issue is that by default, Rails will escape any html in a string you output in erb (using <%= %>) as a precautionary measure. (If you look at the page source, you should see that your output looks like <a ...> instead of <a ...>.)
To stop this from happening, you can use the .html_safe method to mark that the string is safe to print as html:
<%= truncate(...).html_safe %>
Related
I have created a blog in rails. I'm a beginner and got quite far, but now I'm stuck with a seemingly minor detail: I can't seem to format the posts (articles).
Here's the relevant part of my show.html.erb:
<p>
<strong>Content:</strong>
<%= simple_format (#article.content) %>
</p>
When I write something and insert html-tags, they are not recognized as such. What am I doing wrong?
Rails will automatically remove html tags to prevent someone from injecting code into your webpage (e.g. malicious javascript)
If your users cannot enter data into #article.content and it's always safe then you can flag it as safe usng the html_safe method.
<%= (simple_format (#article.content)).html_safe %>
Can you post the article content for reference? If I had to guess, I'd imagine Rails is escaping the html tags and inserting them as plain text (so the output looks like: Article content !
Take a look at Rails' helper methods like content_tag (http://apidock.com/rails/ActionView/Helpers/TagHelper/content_tag) and concat (http://apidock.com/rails/ActionView/Helpers/TextHelper/concat) and consider using those to help with generating the appropriate html tags.
An issue to be concerned with is who's going to be supplying the content. For example, if you're writing an application that other people will use, you want to make sure any html give you is escaped to avoid XSS attacks. In that case, you'll want to spend some time reading about how to properly sanitize user input.
You can now specify the tag it gets wrapped in (defaults to p) like so:
<%= simple_format (#article.content, {}, wrapper_tag: "div") %>
or
add white-space: pre-line style.
It will display \r or \n (enter) in user input as a new line.
for more info:
http://apidock.com/rails/v4.0.2/ActionView/Helpers/TextHelper/simple_format
Not sure how to fix this. should I be using .html_safe?
When the page renders I am getting a lot of:
<div><br><
which is obviously not what I am after.
Thanks.
Use CGI.unescapeHTML
<%= CGI.unescapeHTML(content) %>
I am trying to add Markdown to my Rails 3 web app but am having problems.
I have tried rdiscount and markdownizer but either they're not working or I'm not writing the correct code for them.
The code I have at the moment to display a text field is <%=h simple_format (#user.desktopinfo) %>
I want to increase the functionality of this text by adding Markdown but I am unable to get it work, please help! :)
EDIT 2
Using markdownizer broke my app, so I am now using BlueCloth. Add bluecloth to the gem file and add this <%= raw BlueCloth.new(#user.desktopinfo).to_html %>
:)
EDIT
Actually, just trying again...
With markdownizer, with markdownize! :desktopinfo in the user model and <%= #user.rendered_desktopinfo %> on the page that shows the text, I get this: <h1>this is a h1</h1> on the text when I enter
this is a h1
============
so I am halfway there! How do I now turn this code into html?
Consider rdiscount which substitutes for bluecloth but is faster and better maintained.
Ryan Tomayko's comparison is a good write up regarding the different libraries for using markdown in Ruby.
You haven't really specified exactly what you are after, but I use bluecloth when working with markdown. You can add 'bluecloth' to your Gemfile.
To parse your markdown it is as simple as:
<%= raw BlueCloth.new(YOUR_MARKDOWN).to_html %>
You need the keyword raw. so the HTML is not escaped.
<%= raw #user.rendered_desktopinfo %>
I recently made a small rails3 app to convert an old cms written in another language. After migrating the content I am having problems outputting content from the database.
The #content.desc field sometimes has html. Currently the only way I could get it to work was:
<%= sanitize content.desc %>
But is this the best way? When I use <%=h #content.desc %> I can see the html tags still. When I use <%= simple_format #content.desc %> I get wicked spacing.
Is there a definitive guide somewhere where I can see all of the options while outputting content? I've tried to search but can't turn anything up (rails newb, i know).
Any string not marked as "safe" will be HTML-escaped by default in Rails 3. Some methods, such as sanitize, h, link_to and many other helpers return safe strings, thus allowing them to be written literally. See this blog post for more info.
If you know for sure that the HTML contained in #content.desc is safe, you can mark it as such yourself like so: <%= #content.desc.html_safe %>.
Rails 3 has changed HTML sanitisation to be enabled by default. If you're sure that the string you're rendering is safe, you can use
<%= #content.desc.html_safe! %>
Unless I'm mistaken, you shouldn't have to sanitize the content before displaying it, as Rails 3 does that by default. More info here: http://yehudakatz.com/2010/02/01/safebuffers-and-rails-3-0/
I'm trying provide a textarea for the user to enter javascript. Each time the form is saved more whitespace is appended throughout the content. Any ideas how to ensure this doesn't happen?
Using Rails
If you're using a meta-HTML framework such as HAML, you need to ensure that there's no indentation happening to the content of your tag. While this is usually not a problem with ERB, you do need to be aware that whitespace inside the tag is submitted with the form.
Have a look at the source of your page to see what is rendered. It would be useful to append that to your question as a code snippet if possible.
Add a hyphen to the inside of your final %> tag, to prevent Rails from adding a newline and some whitespace. And make sure there's no whitespace in the HTML, of course :)
e.g.
<%= <blah> -%>
instead of
<%= <blah> %>
I converted the ERB to HAML and it works since that. (erubis 2.7.0, haml 4.0.4)