I'm building a website for my Web Dev class, and I'm stuck on rendering HTML. I want to be able to use a simple form (pretty much all I have right now is a scaffold for this controller, and I attempted sticking a content_type into my controller, but no progress) to submit text and have it rendered as HTML. The idea is that, since this class requires a bunch of crap copied out of the book as examples and reference for HTML, maybe I could serve them up in the same way as the blog posts. (All on the same page, using the same layout. The only thing that changes is a content div below the Blog list and the Data (Controller in question) list.)
So, in short, my question is: How do I get text fetched from DB to render the html tags rather than displaying as plaintext?
Thank you, and please let me know if supplementary information is necessary. Cameron
Edit: (Adding code. It's really almost nothing past scaffolding, but, whatevs.) Also, not sure how the code snippet tool is supposed to work. I hope it folds.
    class DatapostsController < ApplicationController
      before_filter :header

      def header
        response.headers['Content-type'] = 'text/html; charset=utf-8'
      end

      # GET /dataposts
      # GET /dataposts.xml
      def index
        @dataposts = Datapost.all
        @posts = Post.all
        respond_to do |format|
          format.html # index.html.erb
          format.xml { render :xml => @dataposts }
        end
      end

      # GET /dataposts/1
      # GET /dataposts/1.xml
      def show
        @dataposts = Datapost.all
        @datapost = Datapost.find(params[:id])
        @posts = Post.all
        respond_to do |format|
          format.html # show.html.erb
          format.xml { render :xml => @datapost }
        end
      end
    end
This is the view where it's to be rendered. It's a partial that's called from a content_for that's called by the homepage.
    <p>
      <small>Post title</small>
      <%=h @datapost.title %>
    </p>
    <hr />
    <p>
      <%=h @datapost.body %>
    </p>
    <hr />
    <hr />
    <%= link_to 'Back', dataposts_path %>
I'll go ahead and push what I have onto prod. server for an idea of what I want the functionality to be like.
http://www.sanarothe.com (~5 minutes after edit)
Upvotes: 0
Views: 706
Reputation: 18484
The h method you're calling here:

    <%=h @datapost.body %>

is also known as html_escape - here's the relevant link in the documentation. Remove it and your HTML tags should render appropriately.
You should always display code you get from a user with the h method to prevent cross-site scripting attacks. But if it's code you scraped from a book (or whatever) it should be fine.
Upvotes: 3
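The distinction the answer draws, as an added example that is not part of the original post: a plain-Ruby ERB render that emits the body raw only for records flagged as owner-entered and escapes everything else. `DatapostRecord`, the `trusted` flag and `render_datapost` are hypothetical names, and the sample records are constructed.

```ruby
require 'erb'

# Hypothetical stand-in for the Datapost model. `trusted` is an assumed flag
# meaning "entered by the site owner" (e.g. examples copied from the book).
DatapostRecord = Struct.new(:title, :body, :trusted)

# Same shape as the partial in the question; the escaping decision is made
# before the values reach the template.
VIEW = ERB.new(<<~TEMPLATE)
  <p>
    <small>Post title</small>
    <%= title %>
  </p>
  <hr />
  <p>
    <%= body %>
  </p>
TEMPLATE

def render_datapost(post)
  # Titles are never meant to carry markup, so they are always escaped.
  title = ERB::Util.html_escape(post.title)
  # Bodies pass through unescaped only when the record is trusted;
  # anything else gets the same treatment as `<%=h ... %>`.
  body = post.trusted ? post.body : ERB::Util.html_escape(post.body)
  VIEW.result(binding)
end

# Constructed sample data.
book_example = DatapostRecord.new('Lists', '<ul><li>one</li></ul>', true)
user_comment = DatapostRecord.new('Hi <b>', '<script>alert(1)</script>', false)

puts render_datapost(book_example)  # tags reach the browser as markup
puts render_datapost(user_comment)  # tags are shown as literal text
```

In Rails 3 and later, `<%= %>` escapes by default and the opt-out is `raw` or `html_safe`, so the same trusted/untrusted decision applies with the default reversed.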