CODEWITHSUNDEEP
htmlescaping
Undistraction
Undistraction

Reputation: 43402

Unescaping HTML string

I have the inherited the following string (I can do nothing about the format):

 <iframe \n  class=\"some_class\"\n  type=\"text/html\" \n  src=\"/embed/iframe_content.html?id=tsqA5D7_z10\" \n  width=\"960\" \n  height=\"593\" \n  marginwidth=\"0\" \n  marginheight=\"0\" \n  frameborder=\"0\">\n</iframe>

I am rendering it in an erb template like this:

<%= the_string %>

At the moment it renders as text like this:

&lt;iframe  class="some_class" type="text/html" src="/embed/iframe_content.html?id=tsqA5D7_z10" width="960" height="593"  marginwidth="0" marginheight="0" frameborder="0"&gt;&lt;/iframe&gt;

I need to render it as HTML.

I have tried the following:

  1. <%= the_string.html_safe %> # Renders the string unchanged
  2. <%= CGI.unescapeHTML(the_string) %> # Errors with a Type Error 'can't dup NilClass'
  3. <%= CGI.unescapeHTML(the_string).html_safe %> # Errors with a Type Error 'can't dup NilClass'
  4. <%= raw the_string %> # Renders the string unchanged

How can I render this string as HTML?

Upvotes: 15

Views: 20665

Answers (5)

user1415428
user1415428

Reputation: 99

what you are unescaping must not be a string and thats why you are getting Errors with a Type Error can't dup NilClass

Try doing
s = String.new your_obj.to_s

Now do

CGI.unescapeHTML(s)

Upvotes: 9

Undistraction
Undistraction

Reputation: 43402

In the end I had to use the HTMLEntities Gem suggested by Matthew;

  1. Installed the gem with RVM and added it to my Gemfile

  2. Required it in my application.rb

  3. The following was the only way I could get it to render correctly. Note the extra single quotes wrapped around the_string. Without them the angle brackets don't render, though everything else does.

    coder = HTMLEntities.new
raw coder.decode("'"+the_string+"'")

Upvotes: 4

Matthew
Matthew

Reputation: 13332

As you seem to have noticed, there are two things you need to take care of:

  1. Unescaping the HTML entities
  2. Printing the raw html in your view

For number 2 <%= raw ... %> should work fine.

For number 1 CGI.unescapeHTML was the right idea, but I don't think it recognizes all HTML entities so I would recommend taking a look at the HTML Entites gem

You can also try and use the simple_format helper method, but I think you are going to have to pass it some options for it to allow the <iframe> tag

also I would strongly suggest moving your unescaping logic into a helper method.

Upvotes: 23

iltempo
iltempo

Reputation: 16012

Version 3 sounds valuable. Any reason why you are not using the_string?

<%= raw CGI.unescapeHTML(the_string) %>

Upvotes: 1

RadBrad
RadBrad

Reputation: 7304

You can try this:

<%= raw the_string %>

Upvotes: 1

Related Questions