6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Html Safe Flash Hash in Rails 4?\",\"text\":\"

I would like to put a link in my flash hash.

\\n\\n

I have setting my flash hash like this:

\\n\\n

flash.now[:notice] = \\\"<a href='http://google.com'>foo</a>\\\".html_safe\\n

\\n\\n

And in the view I have:

\\n\\n

= notice.html_safe\\n

\\n\\n

However, characters such as \\\"<\\\" are still escaped and the link does not work.

\\n\\n

I can see how this may make it easier for hackers to do XSS injections. Is that the reason this is disabled? Or is there something else I must do to make this work?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"newUserNameHere\"},\"upvoteCount\":1,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","ruby-on-rails",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ruby-on-rails/1","children":"ruby-on-rails"}]}],["$","span","ruby-on-rails-4",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ruby-on-rails-4/1","children":"ruby-on-rails-4"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/LZg07.jpg?s=256","alt":"newUserNameHere","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/2229277/newusernamehere","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"newUserNameHere"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",18001]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Html Safe Flash Hash in Rails 4?"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I would like to put a link in my flash hash.

\n\n

I have setting my flash hash like this:

\n\n

flash.now[:notice] = \"<a href='http://google.com'>foo</a>\".html_safe\n

\n\n

And in the view I have:

\n\n

= notice.html_safe\n

\n\n

However, characters such as \"<\" are still escaped and the link does not work.

\n\n

I can see how this may make it easier for hackers to do XSS injections. Is that the reason this is disabled? Or is there something else I must do to make this work?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",284]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","27926360",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/h8GFl.jpg?s=256","alt":"Hiroaki Machida","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/2288621/hiroaki-machida","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Hiroaki Machida"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1090]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

To unescape, you need

\n\n

= raw notice\n

\n\n

\nUPDATE

\n\n

In addition to the above, please try

\n\n

flash.now[:notice] = \"<a href='http://google.com'>foo</a>\"\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","66786063",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/66786063","className":"text-blue-600 hover:underline","children":"Why can't I access contents of flash when it's a hash?"}]}],["$","li","4604617",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4604617","className":"text-blue-600 hover:underline","children":"How secure is the flash hash?"}]}],["$","li","26538891",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/26538891","className":"text-blue-600 hover:underline","children":"Flash message with html_safe from the controller in Rails 4 (safe version)"}]}],["$","li","31625326",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/31625326","className":"text-blue-600 hover:underline","children":"How to use html_safe in a secure manner?"}]}],["$","li","29997574",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/29997574","className":"text-blue-600 hover:underline","children":"Flash and rails with HTML"}]}],["$","li","9013873",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/9013873","className":"text-blue-600 hover:underline","children":"Rendering safe html in Rails 3"}]}],["$","li","12815936",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/12815936","className":"text-blue-600 hover:underline","children":"Can I make a flash like hash in rails?"}]}],["$","li","6208147",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/6208147","className":"text-blue-600 hover:underline","children":"Ruby/Rails - Is there an easy way to make hard-coded HTML symbols html_safe?"}]}],["$","li","4865269",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4865269","className":"text-blue-600 hover:underline","children":"Rails 3 / Controller / Flash hash"}]}],["$","li","4848559",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4848559","className":"text-blue-600 hover:underline","children":"Rails: When the "flash" hash becomes empty?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Html Safe Flash Hash in Rails 4?

Answers (1)

Related Questions