link_to with target blank with Rinku

Question

When I click on a link I would like to make it go to a new page. How would I add target: "_blank" using the Rinku gem? My code is below, which is from my view.

<p><%= Rinku.auto_link(win.description).html_safe %></p>

Answer 1

Be careful when calling html_safe, the code above is vulnarable:

<%= Rinku.auto_link("<script>alert('hi')</script>", :all, 'target="_blank"').html_safe %>

You could see nice Hi! executed.

To avoid it, you must escape the content:

<%= Rinku.auto_link(h("<script>alert('hi')</script>"), :all, 'target="_blank"').html_safe %>

Now, you can see <script>alert('hi')</script> as expected.

Answer 2

<p><%=Rinku.auto_link(win.description, :all, "target='_blank'").html_safe %></p>

Rinku.auto_link takes 3 parameters

text: string,

mode: symbol,

link_attr: string

Pass all 3 parameters correctly and it works. Refer docs: https://github.com/vmg/rinku

Answer 3

The following work for me:

<p><%=Rinku.auto_link(win.description, :all, 'target="_blank"').html_safe %></p>

It is similar to Zishe's answer above, but by changing target: '_blank' to 'target="_blank", it avoids the "wrong argument type Hash (expected Symbol)" error to which Zach S was referring.

Answer 4

<p><%= Rinku.auto_link(win.description, html: { target: '_blank' }).html_safe %></p>

Update: Maybe you have an old version, try this:

<p><%= Rinku.auto_link(win.description, target: '_blank' ).html_safe %></p>

documentation