On my site I have the ability to add comments. Sometimes users enter comments with links (href. ...)
I would like to have those links to be clickable/linkable (a href) when the comment is displayed to users.
How, with Rails 3, can I take a comment, look for links, and then wrap those links in an a href tag that opens in a new window?
Thanks
The simplest way is to use the auto_link method built into Rails.
Note: In Rails 3.1 auto_link has been moved into a separate gem.
idlefinger's suggestion of #auto_link is perfect. I know it's not the question you originally posed, but wanted to suggest: also check out #simple_format, which will nicely format your users' use of newlines into br and p tags.
I'm using Rails' simple_format to take in details from a user. I want them to be able to add paragraphs, line breaks, paragraphs, anchor tags, etc. but I want to restrict some HTML tags–specifically images.
Does anyone know how I could implement this?
Also, I've looked at the documentation but I can't seem to find which HTML tags are allowed using simple_format. Is anyone aware of a list somewhere?
You can use the sanitize helper built into Rails:
sanitize(html, tags: %w(a b i u strong em img p br))
It will allow only a specific set of tags.
I'm adding disqus commenting to some articles on our site and all URLs are SEO friendly.
This means that, if the title of the article changes so will the URL of that article, which will discard the previous disqus comments (linked to the previous version of the URL).
The solution would be to strip out the title of the article from the URL before passing it to Disqus.
So I need to turn "http://mydomain.com/article/123-myarticle/section/1-sectiontitle" into "http://mydomain.com/article/123/section/1"
What is the easiest way to do this?
Thanks!
PS: I'm very new to Rails (I'm taking over a developed project)
You don't need to extract anything from the URL.
All you need to give to Disqus is a unique id.
So you can add a method to your model, called disqus_id for instance:
def disqus_id
  "name_of_your_model_#{id}"
end
and then, in the javascript:
disqus_identifier = "<%= @your_model.disqus_id %>";
I am having trouble using the TinyMCE editor with Rails 3. I want to show text in bold letters and am having trouble using tags; for example, when I write something in p tags it should go to the next paragraph. In my case these tags are not working. The text remains on the same line and the p tags are displayed on the site page.
The usual suspect when it comes to Rails 3 printing raw HTML output to the site is that someone forgot to call html_safe on whatever text should be printed.
So if you have a @my_model_instance.description that you edit with TinyMCE, you might want to make the view look like @my_model_instance.description.html_safe, or as they suggest in the comment on the documentation, raw(@my_model_instance.description).
If the text is coming from user input, however, you might want to be a bit cautious, since it might be possible for users to input all sorts of nasty injection hacks this way.
I'm trying to figure out the right way to display comments such that newlines and links are displayed. I know that usually, you should display user-inputs only when escaping html with h(). That of course won't display newlines or links, so I found the simple_format and auto_link methods.
What I am now doing is: simple_format(sanitize(auto_link(comment.text)))
Is this the right way to do this, and is it still safe from XSS attacks?
Thanks!
Eric
Have a look at the last ryanb screencast, XSS Protection in Rails 3
Cheers
I have a rails application where I allow users to enter comments. The comments are displayed back like so
<%= simple_format(sanitize(c.comment)) %>
If a user enters the following in the comment link this link gets appended to the end of the Rails root directory. So if someone clicked on the link they would go to
www.somedomain.com/myrailsapp/www.blah.com
What can I do to correct this?
Thanks
You will need to append "http://" in the href attribute of the anchor tags.
And if you aren't using it, may I suggest the auto_link helper method. It will automatically do what you are looking for.
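What the answers above ask of a comment renderer (escape everything the user typed, link only http(s) and www. URLs, give scheme-less links a scheme, open them in a new window), as an added example that is not part of the original posts and is not how Rails' auto_link or sanitize are implemented. It uses only Ruby's standard library; linkify_comment, link_tag, URL_RE and TRAILING are names made up for this sketch.

```ruby
require "cgi"

# Constructed pattern: http(s):// URLs and bare www. hosts. Quotes and angle
# brackets can never be part of a match, so a URL cannot break out of href="".
URL_RE   = %r{((?:https?://|www\.)[^\s<>"']+)}i
TRAILING = /[.,;:!?)]+\z/ # sentence punctuation stuck to the end of a URL

def link_tag(url)
  # A scheme-less href resolves relative to the current page, so add one.
  href = url.match?(%r{\Ahttps?://}i) ? url : "http://#{url}"
  # rel="noopener noreferrer" keeps the new window from reaching window.opener.
  %(<a href="#{CGI.escapeHTML(href)}" target="_blank" rel="noopener noreferrer">) +
    "#{CGI.escapeHTML(url)}</a>"
end

def linkify_comment(text)
  # split with a capture group yields text, url, text, url, ... in order.
  html = text.to_s.split(URL_RE).each_with_index.map do |piece, i|
    next CGI.escapeHTML(piece) if i.even? # ordinary text: escape all markup
    url = piece.sub(TRAILING, "")
    link_tag(url) + CGI.escapeHTML(piece[url.length..])
  end.join
  html.gsub(/\r?\n/, "<br>\n") # keep the user's line breaks
end

if __FILE__ == $0
  # Constructed sample comment
  puts linkify_comment("Docs are at www.blah.com.\n<b>bold?</b>")
end
```

In a Rails view the returned string would still have to be marked html_safe to render as markup, which is only reasonable because every user-supplied character has been escaped before the tags were added.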