Implementing sanitize simple_format in rails 2.3.8 - ruby-on-rails

I have created an application that allows users to input lots of different data (posts, comments, etc.). simple_format is good for me for now; I just want to protect against crazy stuff. I haven't used sanitize before, and after reading some guides I am still a little confused about how to implement it. Hoping I can get some direction here.
Let's say I am collecting @post.body. How do I remove any <div> tags or <script> tags that might be entered by the user? I am assuming that in the view it would look something like this:
<%= sanitize(simple_format(@post.body)) %>
...but where do I define what tags aren't allowed? In the Post model or in a sanitize_helper? What is the correct syntax here?

Here's the documentation link for the sanitize method in Rails 2.3.8. With that in mind you'll be able to define allowed tags in this way:
<%= sanitize(simple_format(@post.body), :tags => %w(p span strong)) %>
Note that you can also define them inside the Rails Initializer:
Rails::Initializer.run do |config|
  config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td'
end
I hope you find this helpful!
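Two points worth knowing about the answer above, shown in an added Ruby example that is not Rails code and not from this thread. The :tags option replaces the allowlist for that one call, whereas sanitized_allowed_tags in the initializer adds to the default set; and because simple_format in Rails 2.3 escapes nothing, sanitize has to run on its output, as the answer does, never before it. The sanitiser below is a minimal stand-in for the Rails helper so that the ordering can be run outside Rails; its tag, attribute and scheme tables, the simple_format stand-in and the sample post body are all constructed for the example.

```ruby
require "strscan"
require "cgi"

# Added example, not Rails' own code: a small allowlist sanitiser that stands in
# for the sanitize helper so that sanitize(simple_format(body)) can be run
# outside Rails. The tag, attribute and scheme tables are assumptions.
ALLOWED_TAGS  = %w[p br strong em a].freeze
ALLOWED_ATTRS = { "a" => %w[href] }.freeze    # attributes kept, per tag
SAFE_SCHEMES  = %w[http https mailto].freeze   # javascript:, data:, ... are dropped
DROP_CONTENT  = %w[script style].freeze        # tag and its body are discarded

TAG_OPEN  = %r{<\s*([A-Za-z][A-Za-z0-9]*)((?:\s+[^\s=>/]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?)*)\s*(/?)\s*>}
TAG_CLOSE = %r{</\s*([A-Za-z][A-Za-z0-9]*)\s*>}
ATTR      = /([^\s=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/

# Rough stand-in for simple_format: blank lines separate <p> paragraphs and a
# single newline becomes <br />. Like the Rails 2.3 helper it escapes nothing.
def simple_format(text)
  text.to_s.gsub(/\r\n?/, "\n").split(/\n\n+/).map { |para|
    "<p>#{para.gsub("\n", "<br />")}</p>"
  }.join("\n\n")
end

# Browsers ignore tabs/newlines inside a scheme ("java\tscript:"), so strip
# whitespace and control characters before looking at it.
def safe_url?(url)
  cleaned = url.to_s.gsub(/[\s[:cntrl:]]/, "")
  scheme = cleaned[/\A([A-Za-z][A-Za-z0-9+.-]*):/, 1]
  scheme.nil? || SAFE_SCHEMES.include?(scheme.downcase)   # relative URLs pass
end

# Keep only allowlisted attributes; href must carry a safe scheme.
def clean_attributes(tag, attr_str)
  allowed = ALLOWED_ATTRS.fetch(tag, [])
  attr_str.scan(ATTR).filter_map do |name, dq, sq, bare|
    name  = name.downcase
    value = CGI.unescapeHTML(dq || sq || bare || "")
    next unless allowed.include?(name)
    next if name == "href" && !safe_url?(value)
    %( #{name}="#{CGI.escapeHTML(value)}")
  end.join
end

# tags: replaces the allowlist for this call, as the :tags option does in Rails.
def sanitize_html(html, tags: ALLOWED_TAGS)
  out = +""
  s = StringScanner.new(html.to_s)
  until s.eos?
    if s.scan(/<!--.*?(?:-->|\z)/m)
      next                                                 # comments vanish
    elsif s.scan(TAG_CLOSE)
      name = s[1].downcase
      out << "</#{name}>" if tags.include?(name)
    elsif s.scan(TAG_OPEN)
      name, attrs, slash = s[1].downcase, s[2], s[3]
      if DROP_CONTENT.include?(name)
        s.skip_until(%r{</\s*#{name}\s*>}i) || s.terminate  # drop the body too
      elsif tags.include?(name)
        out << "<#{name}#{clean_attributes(name, attrs)}#{slash.empty? ? '' : ' /'}>"
      end                          # any other tag is dropped, its text is kept
    elsif s.scan(/[^<]+/)
      out << CGI.escapeHTML(CGI.unescapeHTML(s.matched))   # normalise, then escape
    else
      out << "&lt;"                                        # a '<' that is not a tag
      s.getch
    end
  end
  out
end

# Constructed sample of the kind of post body the question worries about.
SAMPLE_BODY = "Hello <script>alert(1)</script>\n<div onclick=\"x()\">world</div>\n\n" \
              "<a href=\"javascript:alert(1)\">bad</a> <a href=\"https://example.com\">ok</a>"

puts sanitize_html(simple_format(SAMPLE_BODY)) if $PROGRAM_NAME == __FILE__
```

Run on SAMPLE_BODY the script keeps the paragraph and line-break markup that simple_format produced, removes the script element including its body, drops the div but keeps "world", and strips the javascript: href while leaving the https one. A hand-rolled sanitiser like this is for illustration only; in an application use the Rails helper (or a maintained library such as the sanitize gem or Loofah), and decide whether to sanitise once on save or on every render, since the view above does the latter.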

Related

Accessing Views Within Ruby on Rails Application

I want to make a view for my website coded in RoR wherein all the available paths are listed as links. Is there any way to access the views for various models from the program?
For example, something like:
<% model.views.each do |v| %>
  <%= link_to v %>
<% end %>
You could use the sitemap_generator or dynamic_sitemaps gem to generate Sitemaps for your application.
You can use named routes, which allow you to create a link to a different part of your Rails app based on names you set in routes.rb. You can also include route parameters, which makes it easy to link to models.
In your routes.rb
get 'test_route/:id' => 'example#controller', as: :test
In controllers/views:
link_to @example.name, test_path(id: @example.id)
Further reading on named routes
I'm not sure why you want this :), but this will give you the routes
Rails.application.routes.routes
if you want to get all the paths as an array
Rails.application.routes.routes.collect {|r| r.path.spec.to_s }

How to create a website form field in Rails 3?

I have a form where I'd like to be able to input a web address, like "google.com", into a form field, and be able to click on this link in the show view of the submitted form.
How can I accomplish this?
show.html.erb
<p>
<strong>Website:</strong>
<%= link_to @video.website, @video.website %>
</p>
Scaffolding will handle it like Jason Swett said. If you are looking to put it in a link in show just do something like this:
<%= link_to @link.name, "http://" + @link.url %>
If that doesn't work you could always do:
<%= @link.name %>
Scaffolding will handle this for you. I recommend going through the Rails Guides, especially this one: http://guides.rubyonrails.org/generators.html
And more specifically, you can generate a model with an attribute called url like this:
rails generate scaffold Thing url:string
And then run your migrations:
rake db:migrate
You should end up with some views in app/views/thing/ and a controller at app/controllers/thing_controller.rb. That should put you on your way.
If you have a model that has an attribute like web_address, you can do:
= text_field_tag "web_address", ""
(using HAML syntax and tags for form_tag)
And then in your show you can do:
= link_to model.web_address, model.web_address
Which will make a link like: http://www.google.ca
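A caveat on link_to @video.website, @video.website, as an added example that is not from this thread: whatever the user typed becomes the href verbatim, so a value such as javascript:alert(1) turns the show view into stored XSS, and "http://" + url double-prefixes a value that already carries a scheme. The Ruby below normalises the field once (a before_validation callback on the model would be one place for it, which is an assumption) and renders a link only when the value is a plain http/https URL; the function names and the inputs in the usage are illustrative.

```ruby
require "uri"
require "cgi"

# Added example, not code from the thread: normalise a user-typed "website"
# value before it is stored or handed to link_to. Bare "google.com" gets an
# http:// prefix, an existing http/https URL is kept, and anything else
# (javascript:, data:, ftp://, garbage) is rejected, so the show view never
# emits a script-bearing href. Names here are assumptions for illustration.
WEB_SCHEMES = %w[http https].freeze

def normalize_website(raw)
  value = raw.to_s.strip
  return nil if value.empty?

  if value.include?("://")
    scheme = value[%r{\A([A-Za-z][A-Za-z0-9+.-]*)://}, 1]
    return nil unless scheme && WEB_SCHEMES.include?(scheme.downcase)   # ftp://, javascript://
  else
    # A colon that is not followed by a port number means a scheme such as
    # javascript:alert(1) or data:text/html,...; "host:8080" is still fine.
    return nil if value.match?(/\A[A-Za-z][A-Za-z0-9+.-]*:(?!\d)/)
    value = "http://#{value}"                                            # bare google.com
  end

  uri = URI.parse(value)
  return nil if uri.host.to_s.empty?                                     # "http://" alone
  uri.to_s
rescue URI::InvalidURIError
  nil
end

# What the show view should render: a link only when the value normalised,
# otherwise the raw text, escaped, so a bad value is visible but inert.
def website_link(raw)
  url = normalize_website(raw)
  return CGI.escapeHTML(raw.to_s) unless url
  %(<a href="#{CGI.escapeHTML(url)}" rel="nofollow">#{CGI.escapeHTML(url)}</a>)
end

if $PROGRAM_NAME == __FILE__
  ["google.com", "https://example.com/path", "localhost:3000",
   "javascript:alert(1)", "ftp://example.com", "<b>x</b>"].each do |input|
    puts "#{input.inspect} => #{website_link(input)}"
  end
end
```

Storing the normalised value means the view can stay as simple as link_to @video.website, @video.website; the escaping step in website_link is what link_to already does for the link text and attribute, the scheme check is what it does not do.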

Ruby on Rails: bbc-code and performance

I am using bb-code in a Rails application for postings and comments. At the moment, I have the following to put a post's content in a view:
<%= @post.content.bbcode_to_html.html_safe.gsub('<a', '<a rel="nofollow"') %>
What is the best way to convert the bb-code to html and add "nofollow" to all links?
Thanks!
The bb-ruby gem you are using allows for using custom BBCode translations passed as parameters to the bbcode_to_html method. However, if you really want ALL links to contain the rel="nofollow", I think your best bet is going to be monkey patching the gem itself. Based on the BBRuby source, you want to do this:
module BBRuby
  @@tags = @@tags.merge({
    'Link' => [
      /\[url=(.*?)\](.*?)\[\/url\]/mi,
      '<a href="\1" rel="nofollow">\2</a>',
      'Hyperlink to somewhere else',
      'Maybe try looking on [url=http://google.com]Google[/url]?',
      :link],
    'Link (Implied)' => [
      /\[url\](.*?)\[\/url\]/mi,
      '<a href="\1" rel="nofollow">\1</a>',
      'Hyperlink (implied)',
      "Maybe try looking on [url]http://google.com[/url]",
      :link],
    'Link (Automatic)' => [
      /(\A|\s)((https?:\/\/|www\.)[^\s<]+)/,
      ' <a href="\2" rel="nofollow">\2</a>',
      'Hyperlink (automatic)',
      'Maybe try looking on http://www.google.com',
      :link]
  })
end
This will rewrite the BBRuby translator to always include a nofollow attribute. I would put this in config/initializers with a descriptive filename such as bbruby_nofollow_monkeypatch.rb
As for the html_safe, I would leave that as is. As I understand it, that is the preferred way of doing it, and in my opinion it keeps your intent clear. The above monkey patch makes the line in your view more readable:
<%= @post.content.bbcode_to_html.html_safe %>
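An added example, not the bb-ruby gem's code and not from the answer above, of link translation with rel="nofollow" done in a way that is safe to mark html_safe. The patched rules keep every [url=...] target verbatim (the regex accepts anything between the brackets), so a post containing [url=javascript:alert(1)]click[/url] or raw HTML reaches the browser untouched once the result is html_safe. The translator below escapes the text before translating BBCode, so typed HTML and quote characters inside [url=...] are inert, and it only links http(s)/www targets. The rule table mirrors the (regex, replacement) layout shown above, but the code and the sample post are constructed for this example.

```ruby
require "cgi"

# Added example, not the bb-ruby gem's code: a minimal [url] translator that
# adds rel="nofollow" to every link it emits and escapes the post *before*
# translating BBCode, so user-typed HTML cannot survive into the html_safe
# string. The rule layout (regex, builder) is an assumption for illustration.

def safe_href?(href)
  href.match?(%r{\A(https?://|www\.)}i)    # web links only; javascript:, data: fail
end

def anchor(href, text)
  return text unless safe_href?(href)       # unsafe target: keep the text, drop the link
  href = "http://#{href}" if href.match?(/\Awww\./i)
  %(<a href="#{href}" rel="nofollow">#{text}</a>)
end

LINK_RULES = [
  [/\[url=(.*?)\](.*?)\[\/url\]/mi,        ->(m) { anchor(m[1], m[2]) }],        # [url=href]text[/url]
  [/\[url\](.*?)\[\/url\]/mi,              ->(m) { anchor(m[1], m[1]) }],        # [url]href[/url]
  [/(\A|\s)((https?:\/\/|www\.)[^\s<]+)/,  ->(m) { m[1] + anchor(m[2], m[2]) }]  # bare links
].freeze

def bbcode_links_to_html(text)
  html = CGI.escapeHTML(text.to_s)         # escape first: raw HTML becomes inert text
  LINK_RULES.each do |re, build|
    html = html.gsub(re) { build.call(Regexp.last_match) }
  end
  html
end

# Constructed sample post mixing legitimate links, raw HTML and a javascript: URL.
SAMPLE_POST = "See [url=http://example.com]this[/url], [url]www.example.org[/url] " \
              "or https://example.net/x?a=1&b=2 <script>alert(1)</script> " \
              "[url=javascript:alert(1)]click[/url]"

puts bbcode_links_to_html(SAMPLE_POST) if $PROGRAM_NAME == __FILE__
```

Because escaping happens first, an ampersand inside a link becomes &amp; in the href, which is the correct attribute encoding, and a double quote typed inside [url=...] becomes &quot; and cannot close the attribute. The order of the rules matters in the same way it does in bb-ruby: the explicit [url] forms run before the bare-link rule, whose leading (\A|\s) keeps it from re-linking the hrefs already emitted.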

Using reCaptcha with Rails 2.3.12

So I'm trying to get reCaptcha to render on a partial form view that uses HAML. I have tried using the :ruby filter and then adding <%= recaptcha_tags %>, but that didn't work, nor has anything else that I've found. Is there a way to implement this?
*Revision
Ahem, more specifically, can anyone tell me what I need to have for the <%= recaptcha_tags %> helper? Everything I find on this subject just says "Add <%= recaptcha_tags %> wherever you want it to appear!" and absolutely nothing on what the helper should contain.
*Another Revision
I am indeed trying to use Ambethia. I tried using just = recaptcha_tags but that didn't work, I got an error saying it was an undefined variable or method. I installed the Ambethia/reCaptcha as a plugin using script/plugin install git://github.com/ambethia/recaptcha.git and I put config.gem "ambethia-recaptcha", :lib => "recaptcha/rails", :source => "http://gems.github.com" in environment.rb along with my public/private keys.
*Started Over
Okay, got rid of everything I had done initially. Can anyone help me with this? I follow all of the tutorials I can find on it, but none of them explain how to implement/create the helpers for <%= recaptcha_tags %> or <%= verify_recaptcha %>. I'm obviously new to RoR and implementing reCaptcha of any kind, so I'm sorry I'm asking for my hand to be held but I am honestly lost and am not finding any guidance anywhere! Thanks so much anyone and everyone.
Did you try simply:
= recaptcha_tags
You don't mention the plugin you're using. I'm assuming this one. If that's the case, the recaptcha_tags helper will return the HTML for the captcha, and you'd insert it into whichever forms you wanted the captcha to appear on.
The <%= %> around recaptcha_helper aren't part of the helper, but rather the way you insert content into erb templates (and other templating languages resembling erb). In Haml you don't need the surrounding tag. It's just =.
I had the same problem and I finally solved it realizing that my form was called asynchronously.
I added:
= recaptcha_tags :ajax => true
and captcha appeared.
Hope this could help the original question.

render all passed parameters quickly in rails

I have a form that populates various values, then posts those values to a page when the user submits. Now, I wish to see what params[] contains (by displaying it on the page I post to) just to fool around with my form definitions a little bit. I looked for an easy way to render params, but haven't quite found the solution. Any helpful suggestions SO?
thanks in advance
Another way is to make use of the helper functions for debugging as described in http://guides.rubyonrails.org/debugging_rails_applications.html
The technique, as previously described, is to use params.to_yaml.
Alternatively, in your application.html.erb file put the code
<%= debug(params) if Rails.env.development? %>
after the <%= yield %> call
This will display in the view the params, for example
--- !map:ActiveSupport::HashWithIndifferentAccess
action: edit
controller: contracts
id: "8"
The nice feature is that the information is only output in the Development mode environment, as per the check that is executed to determine which Rails environment is running.
Try <%= params.to_yaml %> in your view
Try using this in the view you are posting to:
<% params[:name_of_posted_param].each do |param| %>
  <%= param.inspect %> <%# do something with the param here %>
<% end %>
A better way would be to do this in the helper and pass the returning variable in the view.
-R
