Tolga
Reputation: 1357
Rails - View Template - Insert <BR> within ERB Tag
I would like to insert HTML <BR> tag within the link_to ERB tag as show below:
<%= link_to((@Name + "<BR>" + @Surname), my_action_path %>
What would be the correct way of doing this?
Upvotes: 0
Views: 605
Answers (3)
Simple Lime
Reputation: 11035
Since @Name and @Surname seem like they could be user-entered, you'll want to be careful here...
<% @name = "<script>alert('bad');</script>First Name"
@surname = "<script>alert('another bad');</script>Last Name" %>
<%= link_to(("".html_safe + @name + "<br />".html_safe + @surname), '#') %>
Trying with either of the other answers leaves you with 2 alert boxes (meaning you now have a XSS vulnerability)...this way outputs the script tags as text
Upvotes: 0
Nazeef Ahmad Meer
Reputation: 113
<%= link_to( raw(@Name+"<br>"+@Surname) , my_action_path ) %>
You can achieve this using 'raw' function provided by rails.
Upvotes: 2
Related Questions
- How do you display a HTML in view on Ruby on Rails?
- Indentation in ERB templates
- Generate HTML in ERB Template View
- Rails embed html tag inside an erb tag?
- How do I add a <br> into my ERB tag?
- How to escape erb tags for a template in rails view file?
- string does not display as html in erb
- Adding a dynamic erb tag in a <span> not working
- How to render html content with erb tags in rails?
- How do I insert variable values into HTML tags in ERB templates?