Controller code:
class HelpController<ApplicationController
def index
#url = "https://example.com/auth?user_id=1234&redirect_to=http://google.ru"
end
end
View code:
<script>location.href='<%=#url%>';</script>
And it redirects to THIS:
example.com/auth?user_id=1234&redirect_to=http://google.ru
This:
http://example.com/auth?user_id=1234 & amp; redirect_to=http://google.ru
(without spaces)
In Rails 3, you can call the .html_safe method to tell rails that you have verified the content is safe to send unescaped.
See http://yehudakatz.com/2010/02/01/safebuffers-and-rails-3-0/ for an explanation of the motivation for the default escaping behavior.
The idiom is reversed from older versions of rails, where you had to explicitly call .h (.html_escape).
No Ruby expert, but I think escaping is the default behavior. You have to force it to output as an unescaped string by wrapping the thing in raw().
Related
I'm new to ruby and am picking up on a rails project and am seeing something wierd.
I have a controller action that is not invoking the javascript function when page.call is used, but it only does this when the argument data includes international characters. If I fix the data, it works as expected.
Here's what I'm doing in ruby:
class MyProblemController < ApplicationController
def view
arg1 = ["This", "is", "fine"]
arg2 = ["Data", "datum", "datums"]
arg3 = ["Good", "Bäd", "Ũgly"]
render :update do|page|
page.call("myJavascriptFunction", arg1, arg2, arg3)
end
end
On the web page, I can set a breakpoint in "myJavascriptFunction" and it NEVER gets called. If I remove the characters with the diacritical marks, it works just fine.
As a ruby n00b, this is perplexing. What's going on here? How can I make this support international characters?
I did try the magic comment "# encoding: UTF-8" at the top of my controller.rb file and it doesn't make a difference, in case it's supposed to.
Thanks!
Edit: App is using rails 2.3.2 & I can't change it. Is using 1.6.0.3 of prototype.js
You can try page.call << "myJavascriptFunction(#{arg1},#{arg2},#{arg3})" more info you can found here.
I need to print Ruby on Rails complete url in my application. in details
with RAILS_ROOT I m getting a url like this
D:/projects/rails_app/projectname/data/default.jpg
But for my application I need a path like this
http://localhost:3000/data/default.jpg
Please help me to solve this issue. I am using Rails 2
Thanks
Today we use URI. Simply require the library and you will be able to parse your current dynamic and static URI any way you please. For example I have a function that can read URI parameters like so...
#{RAILS_ROOT}/app/helpers/application_helper.rb (The literal path string of the file depicted below)
def read_uri(parameter)
require 'uri'
#raw_uri = URI.parse(request.original_fullpath)
#uri_params_raw = #raw_uri.query
if #uri_params_raw =~ /\=/
#uri_vars = #uri_params_raw.split('=')
return #uri_vars[parameter]
end
return false
end
This should split all URI parameters into an array that gives the requested (numeric) "parameter".
I believe that simply the URI.parse(request.original_fullpath) should work for you.
I come from using a minimum of rails 4.2.6 with this method so, I hope it works for anyone who might view this later on. Oh, and just as a disclaimer: I wasn't so wise to rails at the time of posting this.
I found the following code, which I guess goes in config/initializers/kernel.rb.
module Kernel
private
def this_method
caller[0] =~ /`([^']*)'/ and $1
end
end
For adding to the log, is this the preferred way to get the current method?
Thanks.
That seems like a decent way to get the calling method and give you the ability to call this_method in your code to add to the log.
If you are using Ruby 1.9.2 you can call __method__ instead and not worry about defining a special method to do so.
Rails provides filter_parameter_logging to filter sensitive parameters from the rails log.
If you have a a JSONP API, some sensitive information could be present in the URL. Is there a way to filter request URLS from the log also?
Note: The answer here was the way to get it work on Rails 2.x ~> 3.0. Starting from Rails 3.1, if you set config.filter_parameters, Rails will filter out the sensitive parameter in the query string as well. See this commit for more detail.
I think in that case, you need to override complete_request_uri in ActionController::Base, since ActionController::Benchmarking calls that method and prints the line that looks like:
Completed in 171ms (View: 35, DB: 7) | 200 OK [http://localhost:3000/]
I think you can put this in initializer to override this method
class ActionController::Base
private
def complete_request_uri
"#{request.protocol}#{request.host}#{request.request_uri.gsub(/secret=([a-z0-9]+)/i, "secret=[FILTERTED]")}"
end
end
Note that you need to play a bit with regular expression to make it substitute the portion you wanted.
Sadly this no longer works in Rails 3. The path (including query parameters) comes from ActionDispatch::Request, which inherits from Rack::Request. Here's the relevant monkeypatch that you can throw into an initializer:
class ActionDispatch::Request
def fullpath
#fullpath ||= super.gsub(/secret=[^&]+/, 'secret=[FILTERED]')
end
end
I switched to using [^&] in the regex since the parameter could easily have characters that aren't letters or numbers in it.
I'm using the auto_link method in Rails to turn urls in plain text to clickable links. It works pretty good most of the time.
but
google.com doesn't create a link
Is there something else out there that provides better coverage of urls? Or is there anyway I can easily modify the Rails code to include .coms and .net without a http or www start string?
auto_link uses AUTO_LINK_RE which you can override.
you can place a file in config/initializers
module ActionView::Helpers::TextHelper
silence_warnings do # you might need this to get rid of the warning
AUTO_LINK_RE = # your own definition here
end
end
It should work, but I never tried myself.