timpone

Reputation: 19929

html_safe and still escaped html

I have the following reply helper:

def mb_reply_login post
  if current_user
    "<button data-depth='" + post.depth.to_s + "' data-post-id='" + post.id.to_s + "'  class='mb_btn mb_reply btn'>reply</button>".html_safe
  else
    ...
  end
end

and call it from within views like so:

<%=mb_reply_login post %>

However, it's returning escaped HTML and I am confused as to why. It seems like it shouldn't, according to "Don't escape html in ruby on rails" and the Rails API.

How would I return unescaped HTML? I tried:

"<button data-depth='" + post.depth.to_s.html_safe + "' data-post-id='" + post.id.to_s.html_safe + "'  class='mb_btn mb_reply btn'>reply</button>".html_safe

but no dice

thx in advance

Upvotes: 1

Views: 617

Answers (1)

wless1

Reputation: 3549

When you concatenate strings in Ruby on Rails, every single String that hasn't been marked as html_safe is first escaped before concatenating.

Using your second snippet, make sure to call .html_safe on every string, including the constants such as:

"<button data-depth='"

Better yet, you can use interpolation, such as:

"<button data-depth='#{post.depth.to_s.html_safe}' 
 data-post-id='#{post.id.to_s.html_safe}' 
 class='mb_btn mb_reply btn'>reply</button>".html_safe

Upvotes: 4
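
An added example, not part of the question or the answer and not Rails code: a plain-Ruby model of why the helper's return value is escaped, next to a variant that escapes each dynamic value before marking the finished markup safe. `SafeString`, `render`, `Post` and the two helper names are assumptions standing in for Rails' safe-string marking and the view's `<%= %>`; the sample values are constructed.

```ruby
require "erb"

# Stand-ins (assumptions for this example): in Rails, html_safe returns an
# ActiveSupport::SafeBuffer and <%= %> escapes anything not marked safe.
class String
  def html_safe?; false; end
  def html_safe; SafeString.new(self); end
end

class SafeString < String
  def html_safe?; true; end
end

# Models what <%= %> does with a helper's return value.
def render(value)
  value.html_safe? ? value.to_s : ERB::Util.html_escape(value)
end

Post = Struct.new(:depth, :id) # constructed sample record

# The question's expression: .html_safe is a method call on the last literal
# only, and String#+ returns a plain String, so the result is not marked safe.
def mb_reply_as_posted(post)
  "<button data-depth='" + post.depth.to_s + "' data-post-id='" + post.id.to_s +
    "' class='mb_btn mb_reply btn'>reply</button>".html_safe
end

# Escape every dynamic value, then mark the finished markup safe once.
def mb_reply_escaped(post)
  depth = ERB::Util.html_escape(post.depth.to_s)
  id    = ERB::Util.html_escape(post.id.to_s)
  html = "<button data-depth='#{depth}' data-post-id='#{id}' class='mb_btn mb_reply btn'>reply</button>"
  html.html_safe
end

post = Post.new(2, 7)
puts render(mb_reply_as_posted(post))                 # escaped by the view
puts render(mb_reply_escaped(post))                   # emitted as markup
puts render(mb_reply_escaped(Post.new("2'><b>", 7)))  # value stays inside the attribute
```

In a Rails view, `content_tag(:button, "reply", class: "mb_btn mb_reply btn", data: { depth: post.depth, post_id: post.id })` produces the button with attribute values escaped by the framework, so no manual `html_safe` is needed.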
