Can we create an Image by HTML string in Ruby On Rails. - ruby-on-rails

I would like to know: is there any possibility by which we can create an image from an HTML string that has the HTML tags along with the formatting, or from the HTML content coming from web editors like CKEditor or TinyMCE etc., in Ruby on Rails?
Thanks
Nishant

Are you referring to achieving:
<%= "<img src='http://domain.tld/some_image.png' />".html_safe %>
You can also interpolate any strings by doing
<%= "#{url_string}".html_safe %>
where url_string = "<img src='http://domain.tld/some_image.png' width='200px'/>"

I guess you want something like following
<% str = "<img src='/images/InboundButtons.png' style='border: medium none ; padding: 0px 0px 0px -2px;'>"%>
<%= str %>
Where str is an html string and you can show it as above.

It seems that your ultimate destination is a PDF file. I would skip image creation, and go right to that, using one of several HTML to PDF libraries available, perhaps one of the ones listed right here on StackOverflow. If you do need an image for some reason, even then, I would consider generating a PDF of your HTML, and then converting that to an image, since it's the best path I know to get from HTML to an image.
However, you have done a poor job of describing your problem, so with more details there might be some obvious alternative as well.

Related

Displaying user input html with newlines

I have comments section in my application where users enter input in a text area. I want to prevent the line breaks they enter but also display html as a string. For example, if comment.body is
Hello, this is the code: <a href='foo'>foo</a>
Bye
I want it to be displayed just as above. The same with anything else, including iframe tags.
The closest I got is:
= simple_format(comment.body)
but it sanitizes html code and it's not displayed. Example: foo <iframe>biz</iframe> bar is displayed as:
foo biz bar
What should I do to achieve what I want?
Just use it without any method, it will be rendered as plain text:
= comment.body
Using your second example, the output will be:
foo <iframe>biz</iframe> bar
To make \n behave as <br>, you can use CSS:
.add-line {
white-space: pre-wrap;
}
And use it in your view:
.add-line = comment.body
Using your first example:
comment.body = "Hello, this is the code: <a href='foo'>foo</a>\n\nBye"
The output will be:
Hello, this is the code: <a href='foo'>foo</a>
Bye
Having done something similar in the past, I think you must first understand why HTML is sanitized from user input.
Imagine I wrote the following into a field that accepted HTML and displays this to the front page.
<script>alert('Hello')</script>
The code would execute for anyone visiting the front-page and annoyingly trigger a JS alert for every visitor.
Maybe not much of an issue yet, but imagine I wrote some AJAX request that sent user session IDs to my own server. Now this is an issue... because people's sessions are being hijacked.
Furthermore, there is a full JavaScript based exploitation framework called BeEF that relies on this type of website exploit called Cross-site Scripting (XSS).
BeEF does extremely scary stuff and is worth taking a look at when considering user generated HTML.
http://guides.rubyonrails.org/security.html#cross-site-scripting-xss
So what to do? Well if you checked in your DB you'd see that the tags are actually being stored, but like you pointed out aren't displayed.
You could .html_safe the content, but again I strongly advise against this.
Maybe instead you should write an alternative .html_safe method yourself, something like html_safe_whitelisted_tags.
As for removing newlines, you say you want to display as is. So replacing \n with <br>, as pointed out by Michael, would be the solution for you.
comment.body.gsub("\n", '<br />').html_safe_whitelisted_tags
HTML safe allows the html in the comment to be used as html, but would skip the newlines, so doing a quick replace of \n with <br /> would cover the new lines
comment.body.gsub("\n", "<br />").html_safe
If you want the html to be displayed instead of rendered then check out CGI::escapeHTML(), then do the gsub so that the <br /> does not get escaped.
CGI::escapeHTML(comment.body).gsub("\n", "<br />")
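The escape-first, then-add-breaks order from the answers above, together with a safe take on the html_safe_whitelisted_tags idea, as an added example that is not code from any of the posts. The names display_as_text, display_with_allowed_tags and ALLOWED_TAGS are hypothetical, and the sample comments are constructed from the ones quoted in the thread.

```ruby
require "cgi/escape"

# Tags restored after escaping; attribute-free on purpose (assumed allowlist).
ALLOWED_TAGS = %w[b i em strong code].freeze

# Escape everything first, then turn newlines into <br />, so user markup is
# shown as text and the only live HTML is the line breaks we add ourselves.
def display_as_text(body)
  CGI.escapeHTML(body.to_s).gsub(/\r\n?|\n/, "<br />")
end

# Hypothetical stand-in for html_safe_whitelisted_tags: escape everything,
# then re-enable only exact allowlisted tags that carry no attributes.
# Anything with an attribute (onmouseover, href, style, ...) stays escaped.
def display_with_allowed_tags(body, allowed = ALLOWED_TAGS)
  names = allowed.map { |t| Regexp.escape(t) }.join("|")
  escaped = CGI.escapeHTML(body.to_s)
  restored = escaped.gsub(/&lt;(\/?)(#{names})&gt;/i) { "<#{$1}#{$2.downcase}>" }
  restored.gsub(/\r\n?|\n/, "<br />")
end

# Constructed sample comments, including the ones quoted in the thread.
SAMPLES = [
  "Hello, this is the code: <a href='foo'>foo</a>\n\nBye",
  "foo <iframe>biz</iframe> bar",
  "<script>alert('Hello')</script>",
  "<b>bold</b> and <b onmouseover=\"x()\">not restored</b>"
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |sample|
    puts display_as_text(sample)
    puts display_with_allowed_tags(sample)
    puts
  end
end
```

In a Rails view the returned string still has to be output with raw or html_safe to keep the `<br />` live; that is acceptable here only because every other character was escaped before the breaks were added.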

Rails 4: how to insert line breaks in text_area?

I have created a blog in rails. I'm a beginner and got quite far, but now I'm stuck with a seemingly minor detail: I can't seem to format the posts (articles).
Here's the relevant part of my show.html.erb:
<p>
<strong>Content:</strong>
<%= simple_format (@article.content) %>
</p>
When I write something and insert html-tags, they are not recognized as such. What am I doing wrong?
Rails will automatically remove html tags to prevent someone from injecting code into your webpage (e.g. malicious javascript).
If your users cannot enter data into @article.content and it's always safe then you can flag it as safe using the html_safe method.
<%= (simple_format (@article.content)).html_safe %>
Can you post the article content for reference? If I had to guess, I'd imagine Rails is escaping the html tags and inserting them as plain text (so the output looks like: Article content !
Take a look at Rails' helper methods like content_tag (http://apidock.com/rails/ActionView/Helpers/TagHelper/content_tag) and concat (http://apidock.com/rails/ActionView/Helpers/TextHelper/concat) and consider using those to help with generating the appropriate html tags.
An issue to be concerned with is who's going to be supplying the content. For example, if you're writing an application that other people will use, you want to make sure any html they give you is escaped to avoid XSS attacks. In that case, you'll want to spend some time reading about how to properly sanitize user input.
You can now specify the tag it gets wrapped in (defaults to p) like so:
<%= simple_format(@article.content, {}, wrapper_tag: "div") %>
or
add white-space: pre-line style.
It will display \r or \n (enter) in user input as a new line.
for more info:
http://apidock.com/rails/v4.0.2/ActionView/Helpers/TextHelper/simple_format

HtmlPurifier - Codeblock

I was looking in the HtmlPurifier documentation, but I can't see anything about that.
Let's say I have
<div class="codebox">
All html tags here - Even <div class="codebox">another code box</div>
</div>
I want to parse the content of the first <div class="codebox"> so it can be readable as plaintext.
Can htmlpurifier do that ?
Out of the box HTMLPurifier can't do that and there is no config setting, that I know of, that can convert only the first <div> tag to plain text without converting the entire document. And even for converting the entire document to text the HTMLPurifier is neither needed nor recommended.
You can extend functionality of HTMLPurifier but unless you are an expert coder, I wouldn't recommend doing that.
However if you want to convert a part of the HTML document to text then break it into parts and run the part which you want to convert to text through
strip_tags()
PHP Manual page on strip_tags
You could convert all the div tags in your document to plain text with this configuration directive:
$config->set('HTML.ForbiddenElements', 'div'); //This will black list 'div' tag
And if you absolutely insist on converting your entire document to text using HTMLPurifier then here is the config directive that will do that.
$config->set('HTML.Allowed', ''); //This will white list NO tags ''

Redactor-Rails html tags showing

I'm trying to implement redactor as a WYSIWYG editor with ruby on rails. Everything seems to be working fine except that when I edit text in the editor the html tags show up. This happens even when I use the html button on the toolbar.
So on the webpage the text appears something like this:
<p>Edited text here</p>
I haven't included any code because I'm not really sure where to begin looking with this so any help at all will be appreciated :)
When using a text editor you have to tell your rails app that the area is html safe.
This is (by default) not the case as people could attack your site by using a text box you have put into your app.
By declaring an area as html safe you should be able to use the html tags as you like.
Be aware of the security risk for using this.
e.g.
<div class="description">
<%= @foo.foo_desc.html_safe %>
</div>
Hope this clears it up for you.
In your view try using raw before the text you are trying to show. For example
<%= raw @post.body %>
This will work out with the html tags and show the processed text only without the tags.

simple_format and embed's

I've tried searching the web for a solution for this but haven't been able to find any way of combining this.
I'm printing html from a wysiwyg editor and found the simple_format helper to print the HTML with paragraphs etc. The problem is that it strips embed tags from the code as well.
Do any of you know a way to print content from a WYSIWYG that adds paragraphs, br's, strong/bold and keeps all media such as images, embeds, etc.?
Thanks!
In case anyone is interested I solved it with:
<%= simple_format(content.post_content, {}, {:sanitize => false}) %>
