Ruby on Rails how to render a string as HTML

Question

I have   str     lt b gt Hi lt  b gt     and in my erb view    lt     str   gt    What will display on the page is   lt b gt Hi lt  b gt  when what I really want is Hi  What s the ruby way to  interpret  a string as HTML markup     Edit  the case where   str     lt span class   classname   gt hello lt  span gt     If in my view I do   lt  raw  str   gt    The HTML source code is  lt span class   classname   gt hello lt  span  where what I really want is  lt span class  classname  gt hello lt  span gt   without the backslashes that were escaping the double quotes   What s the best way to  unescape  those double quotes

User · Answer

You are mixing your business logic with your content. Instead, I'd recommend sending the data to your page and then using something like JQuery to place the data where you need it to go.

This has the advantage of keeping all your HTML in the HTML pages where it belongs so your web designers can modify the HTML later without having to pour through server side code.

Or if you're not wanting to use JavaScript, you could try this:

@str = "Hi"

<b><%= @str ></b>

At least this way your HTML is in the HTML page where it belongs.

User · Answer

UPDATE For security reasons  it is recommended to use sanitize instead of html safe   lt    sanitize  str   gt    What s happening is that  as a security measure  Rails is escaping your string for you because it might have malicious code embedded in it  But if you tell Rails that your string is html safe  it ll pass it right through   str    quot  lt b gt Hi lt  b gt  quot  html safe  lt     str   gt   OR  str    quot  lt b gt Hi lt  b gt  quot   lt     str html safe   gt   Using raw works fine  but all it s doing is converting the string to a string  and then calling html safe  When I know I have a string  I prefer calling html safe directly  because it skips an unnecessary step and makes clearer what s going on  Details about string-escaping and XSS protection are in this Asciicast

User · Answer

Use raw    lt   raw  str  gt    But as  jmort253 correctly says  consider where the HTML really belongs

User · Answer

The html safe version works well in Rails 4      lt      lt center style   color  green  font-size  1 1em    gt  Administrators only  lt  center gt   html safe if current user admin     gt

User · Answer

If you re on rails which utilizes Erubis     the coolest way to do it is   lt      str  gt    Note the double equal sign  See related question on SO for more info

User · Answer

You can also use simple format  str  which removes malicious code   Read more here  http   api rubyonrails org classes ActionView Helpers TextHelper html method-i-simple format

User · Answer

since you are translating  and picking out your wanted code from a person s crappy coded file  could you use content tag  in combo with your regex s   Stealing from the api docs  you could interpolate this translated code into a content tag like    lt    content tag translated tag type to sym   class   gt     translated class   do -  gt   lt    translated text   gt   lt   end -  gt      gt   lt div class  strong  gt Hello world  lt  div gt    Not knowing your code  this kind of thinking will make sure your translated code is too compliant

User · Answer

Or you can try CGI unescapeHTML method   CGI unescapeHTML   amp lt p amp gt This is a Paragraph  amp lt  p amp gt     gt    lt p gt This is a Paragraph  lt  p gt

User · Answer

str     lt span class   classname   gt hello lt  span gt     If in my view I do       lt  raw  str   gt    The HTML source code is  lt span class   classname   gt hello lt  span gt  where what I really want is  lt span class  classname  gt hello lt  span gt   without the backslashes that were escaping the double  quotes   What s the best way to  unescape  those double quotes    Solution  use double quotes inside of single quotes  or single inside of double  to avoid escaping with a backslash    str     lt span class  classname  gt hello lt  span gt    lt  raw  str   gt

[html] Ruby on Rails: how to render a string as HTML?

Examples related to html

Examples related to ruby-on-rails

Examples related to ruby

Examples related to string