I'm using Rails 3.1 and I need to save unescaped HTML entered in a form, but I can't figure out how to disable the escape by default. In my form I have
<%= form_for(:post, :url=>{:action => 'create'}) do |f| %>
<%= f.text_field :title %>
<%= f.text_area :body %>
<%= submit_tag "Publish", :id=>"submit", :class => "cta" %>
<% end %>
and in my controller:
def create
#post = Post.new(params[:post])
if #post.save
redirect_to(:action => 'overview')
else
render('new')
end
end
I've tried :escape => false in the form, and raw() in the controller but nothing works. How do I save the entered data as unescaped HTML?
Thanks for your help!
You may use the raw command to get the pure HTML, because Rails > 3 by default escape HTML:
<%= raw method_return_html_code %>
and if you are allowing users to enter text with HTML markup, like blog posts, have a look at the CKEditor gem which will give you a nice text area to do your HTML markups (like in Gmail, Yahoo, etc...)
Related
So I'm new to rails and having a little bit of trouble my situation is that I have a products model that has some Images attached to it. I would like on my products page to have a button to create a new image via ajax.
Inside my products _form view i have:
<%= simple_form_for(#product) do |f| %>
<%= f.error_notification %>
<div class="inputs">
<%= f.input :name %>
<%= f.input :description, :input_html => {:class => "wysihtml5 span6", :style => "height:400px;"} %>
<%= f.association :images, label_method: :name, value_method: :id %>
<h4>Upload new file</h4>
</div>
<%= link_to 'Add Image', '/images/new', :remote => true, :"data-replace" => "#image-form" %>
<div id="image-form">
</div>
<div class="actions">
<%= f.button :submit %>
</div>
<% end %>
And it does successfully Load the page via ajax.
But I would like to load it without the layout. Is this possible?
Do I need to create a new action that renders the partial form and has no layout??
So I'm assuming you have it requesting and returning html and not js? There are a couple of thoughts I have on this:
If you only ever need for this request to return from an AJAX request, then you could simply tell the controller to always render layout: false
If you would like to allow the controller to return a full page on occasion, you can either accept an argument in the get request and change the output accordingly, or you can tell the controller to:
respond_to do |format|
format.html # will render default with no block passed
format.js { render layout: false }
end
This should just work with the code in your form right now, because the :remote => true tells the controller to return js if possible, but accessing images/new from your browser will request html.
(Requesting js does not mean that you actually have to return js, as I don't in this case; it's up to you to take the proper action with what is returned. Some might consider it bad form, though, to return something other than what is technically requested.)
You can use the following in your action. Let your action is new.
def new
#your code goes here
render :layout => false
end
Tis is my view:
<%= form_for item, :url => comment_item_path(item), :html => {:remote => true, 'portal-transform' => true, :multipart => true} do |f| -%>
<%= f.fields_for :updates, Update.new, :index => nil do |m| -%>
<%= m.text_area :comment %><br />
<%= m.file_field :attachment %>
<% end -%>
<%= f.submit "Comment" %>
<% end -%>
And controller action:
respond_to do |format|
format.js do
render :json => {}
end
end
When I submit the form with only comment (text_area) field entered and keep attachment (file_field) field blank, it render exactly what expected.
But when I submit the form with attachment, it resulted in:
Completed 406 Not Acceptable in 56ms
What went wrong for me? Please guide.
Thanks.
Browsers do not allow file uploads via AJAX for security reasons. If you leave the form's file_field blank however, the form submits normally with no error, which explains the behaviour you are seeing.
To upload files via AJAX in Rails 3, you can use the Remotipart gem.
http://os.alfajango.com/remotipart/
Here is an example usage:
http://thechangelog.com/post/7576700785/remotipart-rails-3-ajax-file-uploads-made-easy
I am working with David Francisco's rails feedback plugin. The plugin works fine, except for one thing - I would need the feedback form to submit to the database the url for the page where the feedback form was used. Does anyone know how to do this?
The view that would need to send the current url, in addition to the currently sent information:
<h4>Feedback</h4>
<p>Please leave us feedback, it's really appreciated.</p>
<%= form_for #feedback, :as => :feedback, :url => feedback_index_path, :html => { :id => "feedback_form" } do |f| -%>
<%= f.hidden_field 'user_id', :value => current_user.id %>
<% unless #error_message.blank? %>
<p class="error">
<%=h #error_message %>
</p>
<% end %>
<p>
<%= f.label 'subject' %>
<%= f.select 'subject', ['Problem', 'Suggestion', 'Question', 'Other'] %>
</p>
<p>
<%= f.label 'comment' %><br />
<%= f.text_area 'comment', :rows => 10, :cols => 30 %>
</p>
<p><%= f.submit 'Send' %></p>
<% end -%>
Currently, feedback_index_path is always '/feedback', the url for the form.
Thank you,
Alexandra
You can use request.referer in your controller to get the path of the page that called your action. request.referer returns a full url but you can parse it with the URI module:
URI(request.referer).path
I see some people have suggested request.fullpath but this is actually the path of the action that's processing the request (in your case /feedbacks/new) and not the path where the form was submitted from.
If request.fullpath doesn't work incorrectly, you can make a quick hack, storing page url in data-attributes of page, and on submit get current url by jQuery from that attributes.
But it is a hack, just to make it working.
BTW how do you render feedback form?
feedback_index_path is a routes helper method that will always return the same thing. In your case /feedback.
Look here for info on accessing the current URL in both Rails 2 and 3.
Rails 2.3.11
I would like to use a text_field to input data under one condition, otherwise using a selection box. Right now, my code looks like this:
views/posters/new.html.erb
<% form_for #poster, :html => {:multipart => true} do |f| %>
<%= f.error_messages %>
<p>
<%= f.label :image %> - We're not going to enlarge it for you, so please upload the biggest copy you can!<br />
<%= f.file_field :image %><br />
</p>
<p>
<% if current_user.admin? && params[:event_id] && !current_user.events.find_by_id(params[:event_id]) && Event.find_by_id(params[:event_id]) %>
<%= f.label "Event ID" %><br />
<%= f.text_field :event_id, :value => params[:event_id] %>
<% else %>
<%= f.label :event_id %><br />
<%= f.select :event_id, #events, :selected => params[:event_id].to_i %>
<% end %>
</p>
<p>
<%= f.submit 'Create' %>
</p>
<% end %>
controllers/posters_controller.rb
def new
#poster = Poster.new
current_user ||= User.find_by_id session[:user_id]
#events = [["Don't attach to an event", '']]
current_user.events.each {|event| #events << [event.title, event.id]}
respond_to do |format|
format.html # new.html.erb
format.xml { render :xml => #poster }
end
end
Error message: http://cl1p.net/halp
How can I use two different types of form input fields for the same parameter (but each under a different condition, not simultaneously)?
Update: I think the problem stems from the issue of Rails putting the previously-submitted information back into their respective input fields. This explains why no tantrum is thrown when a file that passes all the validation tests (that is, a PNG less than 3 MB), but breaks down when nothing (or anything that doesn't meet that condition) is attached.
Firstly, I don't understand why you are manually setting the values on the text box and select box. Usually, Rails does this for you, but without the form definition, I can't tell if you really need to do this.
Even then, given the information, I think it's safe to say that what you need is this:
f.text_field :event_id
...
f.select :event_id, #events
This ought to work for what you intend to do. I'm not sure what it has to do with the submitting of a file, but yes you are right about the previously-submitted part. The unexpected nil stems from this:
params[:event_id].to_i
Unless you are setting this parameter entry manually inside your controller, you will not be able to cast it to an integer if it is nil. If you go with using the basic form helper calls this goes away.
One of the things I'm doing includes several links on the show view. For instance, I have a link (or button) for "Accepting", and another one for "Rejecting". Click on Accept, and the model updates the is_accepted field as true, click on Reject, and the is_accepted field is false.
Now, how best do I handle this? In ASP.NET, I would have simply created a LinkButton and written a handler, but Rails doesn't work that way, so I'm trying to figure out how to essentially replicate what a LinkButton would do.
Right now, I'm coding two forms on the same view, nearly identical, that look like this:
<%= form_for #thing do |f| %>
<%= hidden_field_tag 'thing[is_accepted]', '1' %>
<%= f.submit "Accept" %>
<% end %>
<%= form_for #thing do |f| %>
<%= hidden_field_tag 'thing[is_accepted]', '0' %>
<%= f.submit "Reject" %>
<% end %>
This feels weird to me, but I can't seem to find anything that says this is the wrong way to do it.
I could, I assume, dry things up by using a partial and/or a helper method, but I wanted to make sure I'm on the right track and not doing something totally wrongly.
You can give your submit tag a name.. ie
<%= form_for #thing do |f| %>
<%= hidden_field_tag 'thing[is_accepted]' %>
<%= f.submit "Accept", :name => 'accept' %>
<%= f.submit "Reject", :name => 'reject' %>
<% end %>
Then you can detect the name in params[] and skip the '1'/'0' value.
I think you're going about it the right way. One way to clean up your forms is by using the model form helpers all the way through, so you'd end up with something like
<%= form_for #thing do |f| %>
<%= f.hidden_field :accepted, :value => true %>
<%= f.submit "Accept" %>
<% end %>
<%= form_for #thing do |f| %>
<%= f.hidden_field :accepted, :value => false %>
<%= f.submit "Reject" %>
<% end %>
But other than that, it looks like the right way to go about it. I would suggest against creating new methods to do this, because you're not doing anything outside of normal web requests (updating a model in this instance).
Using the submit tag as the switch and detecting it in params[] is also a good way, but I usually prefer to keep my controllers as vanilla as possible. In the end, both of these ways would end up with the same amount of 'stuff' in the UI, so whichever style you'd rather use should be fine.
Depending on how you want your UI to work you might consider link_to_remote (part of the prototype helper) - you can specify an action, params etc, and have it return some JS that gets run.
If you're using map.resources in your routes.rb you should be able to do something like this:
map.resources :things, :member => {:accept => :get, :reject => :get}
Then in your controller:
def accept
#thing = Thing.find(params[:id])
#thing.is_accepted = true
#thing.save
end
def reject
#thing = Thing.find(params[:id])
#thing.is_accepted = false
#thing.save
end
And finally in your view:
<%= link_to 'Accept', accept_thing_url(#thing) %>
<%= link_to 'Reject', reject_thing_url(#thing) %>
Or if you are using Ajax:
<%= link_to_remote 'Accept', :url => accept_thing_url(#thing) %>
<%= link_to_remote 'Reject', :url => reject_thing_url(#thing) %>