palani

Reputation: 4679

How can I escape HTML tags in my parameter list using CGI::escapeHTML in Rails?

I am working with my Rails 2 application. I have a form which submits 12 parameters. I want to apply CGI::escapeHTML to all my params. I know that I can't use it like the below:

CGI::escapeHTML(params)

because here params comes as a Hash. Is there any way available in Rails to apply this in an effective way? Kindly help with this. Thanks in advance.

I followed the guide at the URL below, but I couldn't succeed.

http://www.ruby-doc.org/stdlib-1.8.7/libdoc/cgi/rdoc/CGI.html

Upvotes: 1

Views: 1025

Answers (1)

j-dexx

Reputation: 10416

You can iterate over the params hash escaping the HTML.

params.each do |key, value|
  # Nested hashes (e.g. params[:model_name]) are not strings; skip them here
  params[key] = CGI::escapeHTML(value) if value.is_a?(String)
end

You probably want to select only the attributes you actually want to do this for, though, as the params hash also contains things like the controller and action, e.g.:

params[:model_name].each do |key, value| 
  params[:model_name][key] = CGI::escapeHTML(value)
end

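From your recent comment, though, you'd be better off doing this in the model by overriding the setters:

def attribute_name=(value)
  # write_attribute stores the value directly; assigning through
  # self.attribute_name= here would call this setter again and never return
  write_attribute(:attribute_name, CGI::escapeHTML(value))
end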

Upvotes: 2
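An added example, not part of the question or the answer above: a recursive version of the loop that copes with the nested hashes and arrays a Rails params hash contains, leaving the top-level routing keys untouched. The names `deep_escape_html`, `escape_params`, `ROUTING_KEYS` and the sample data are assumptions made for this illustration, and it uses `each_with_object`, so it needs Ruby 1.9 or later.

```ruby
require 'cgi'

# Top-level keys Rails adds for routing (assumed list for this example).
ROUTING_KEYS = %w[controller action].freeze

# Return a copy of +value+ with every String escaped via CGI.escapeHTML.
# Hashes and Arrays are walked recursively; anything else (nil, numbers,
# uploaded files) passes through unchanged.
def deep_escape_html(value)
  case value
  when String then CGI.escapeHTML(value)
  when Hash   then value.each_with_object({}) { |(k, v), out| out[k] = deep_escape_html(v) }
  when Array  then value.map { |v| deep_escape_html(v) }
  else value
  end
end

# Escape a params-like hash. Routing keys are skipped at the top level
# only, so a nested field that happens to be named "action" is still escaped.
def escape_params(params, skip_keys = ROUTING_KEYS)
  params.each_with_object({}) do |(key, value), out|
    out[key] = skip_keys.include?(key.to_s) ? value : deep_escape_html(value)
  end
end

# Constructed sample shaped like a Rails params hash.
SAMPLE_PARAMS = {
  'controller' => 'posts',
  'action'     => 'create',
  'post'       => {
    'title'  => '<b>Hello</b> & welcome',
    'tags'   => ['<script>', 'plain'],
    'action' => '<i>nested</i>',
    'views'  => 3
  }
}.freeze

ESCAPED_PARAMS = escape_params(SAMPLE_PARAMS)
```

Values escaped on the way in are stored escaped, so a view that escapes them again with `h` will display `&amp;lt;` where `&lt;` was intended.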
