Nick Ginanto
Reputation: 32190
Escaping text so it would remain readable
I have a method which looks like this
def full
"#{self.first} #{self.second}"
end
problem is that I want to escape it, so to do it in the model I do
def full
ERB::Util.h("#{self.first} #{self.second}")
end
but if first or second have & in it, it would give me & instead of &
also if they have apostrphies ' it would escape them and make it unreadable..
Is there a way to avoid XSS and make the string readable as well?
Upvotes: 0
Views: 34
Answers (1)
Related Questions
- Sanitize output in Rails
- Don't escape html in ruby on rails
- Rails form text_field escaping html
- Html escaping in a Rails 3 view
- Encode/escape HTML string in Ruby on Rails
- Escaping HTML in Rails
- How to fix this XSS in Rails
- Rails HTML escaping
- Safely display html encoded values in Rails
- Ruby on Rails: How best to escape a string in a model?