futureshocked

Reputation: 2105

Rails 3: how to reverse ERB "<%=" default behaviour so I can inject HTML?

My question relates to this one, but I am trying to reverse the default Rails 3 behavior of "<%=" so that I can inject HTML.

In my scenario, I have an old Rails 2 plugin that generates HTML. My view will then need to inject this HTML into the page.

When this plugin creates HTML like this, stored in a variable html_to_show:

<p class="notice"><span></span>Sorry about this, but we have a problem...</p><p class="error"><span></span>Cannot go to next step</p>

and in the view I try to show the contents of html_to_show like this:

<%= html_to_show %>

... what I get in my browser is this:

&lt;p class="notice"&gt;&lt;span&gt;&lt;/span&gt;Sorry about this, but we have a problem...&lt;/p&gt;&lt;p class="error"&gt;&lt;span&gt;&lt;/span&gt;Cannot go to next step&lt;/p&gt;

How can I get Rails 3 to inject the contents of html_to_show exactly as it is, without any sanitization?

Upvotes: 0

Views: 1633

Answers (2)

vonconrad

Reputation: 25377

Short answer:

<%= html_to_show.html_safe %>

Long answer:

Rails escapes all HTML to protect against XSS attacks. Adding .html_safe prevents the escaping.

Upvotes: 7

DigitalRoss

Reputation: 146053

<%= raw html_to_show %>

That should do it.

Upvotes: 3
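Both answers (vonconrad's .html_safe and DigitalRoss's raw) do the same thing: they mark the string as trusted so that the Rails 3 output buffer skips escaping when the view's "<%=" writes it out. The Ruby below is an added example, not code from the question or either answer, and not Rails' own implementation: SafeString, OutputBuffer and render_erb are reduced stand-ins for ActiveSupport::SafeBuffer and ActionView's ERB handler, wired through the standard library's ERB::Compiler so that "<%=" escapes exactly as the question describes. PLUGIN_HTML, USER_INPUT and TEMPLATE are constructed samples. The last two functions show the check a practitioner should make before using either answer: html_safe and raw switch escaping off for whatever they are applied to, so applied to a value a user can influence they disable the XSS protection the default behaviour exists for.

```ruby
require 'erb'

# Added example, not code from the question, the answers or Rails itself.
# SafeString, OutputBuffer and render_erb are reduced stand-ins for
# ActiveSupport::SafeBuffer and ActionView's ERB compilation.

# A string marked as trusted HTML. to_s must return self: ERB calls to_s on
# every <%= %> value, and String#to_s would turn a subclass back into a plain
# String and silently drop the mark.
class SafeString < String
  def html_safe?; true; end
  def to_s; self; end
end

class String
  def html_safe?; false; end
  def html_safe; SafeString.new(self); end
end

# Stand-in for ActionView's raw(): the same thing as calling html_safe.
def raw(value)
  value.to_s.html_safe
end

# Stand-in for the SafeBuffer-backed @output_buffer. Template literals go in
# untouched; <%= %> values are escaped unless they are already marked safe.
class OutputBuffer < String
  def safe_concat(literal)
    concat(literal)
  end

  def append=(value)
    value = value.to_s
    concat(value.html_safe? ? value : ERB::Util.html_escape(value))
  end
end

# Compile a template so that <%= %> routes through OutputBuffer#append=, the
# way Rails 3 wires its own compiler, instead of stdlib ERB's plain String#<<
# (which never escapes anything).
def render_erb(template, locals = {})
  compiler = ERB::Compiler.new('-')
  compiler.put_cmd    = '@output_buffer.safe_concat'
  compiler.insert_cmd = '@output_buffer.append='
  compiler.pre_cmd    = ["@output_buffer = OutputBuffer.new('')"]
  compiler.post_cmd   = ['@output_buffer']
  src, = compiler.compile(template)
  b = binding
  locals.each { |name, value| b.local_variable_set(name, value) }
  b.eval(src)
end

# Constructed sample inputs.
PLUGIN_HTML = '<p class="notice"><span></span>Sorry about this, but we have a problem...</p>'
USER_INPUT  = '<script>alert(document.cookie)</script>' # e.g. a name typed into a form
TEMPLATE    = '<div><%= html_to_show %></div>'

# The question's symptom: the plugin markup comes out entity-encoded.
def escaped_by_default
  render_erb(TEMPLATE, html_to_show: PLUGIN_HTML)
end

# vonconrad's answer: mark the value before handing it to the view.
def injected_with_html_safe
  render_erb(TEMPLATE, html_to_show: PLUGIN_HTML.html_safe)
end

# DigitalRoss's answer: mark it inside the view with raw.
def injected_with_raw
  render_erb('<div><%= raw html_to_show %></div>', html_to_show: PLUGIN_HTML)
end

# The caveat: the default escaping neutralises a script tag that arrived in
# user input, and html_safe on that same value puts it back verbatim.
def user_input_escaped
  render_erb(TEMPLATE, html_to_show: USER_INPUT)
end

def user_input_marked_safe
  render_erb(TEMPLATE, html_to_show: USER_INPUT.html_safe)
end

if __FILE__ == $0
  puts escaped_by_default
  puts injected_with_html_safe
  puts injected_with_raw
  puts user_input_escaped
  puts user_input_marked_safe
end
```

The practical rule this models: call html_safe or raw on the plugin's output at the one place where you know it was generated by your own code, never on anything assembled from request parameters or database fields that users wrote.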
