Reputation: 9305
I'm making resourceful routes for youtube videos. So, a person just pastes the youtube embed link in the form. In the controller I have a normal set of resourceful actions:
class VideosController < ApplicationController
  def index
    @videos = Video.all
  end

  def new
    @video = Video.new
  end

  def create
    Video.create(params[:video])
    redirect_to :action => :index
  end

  def destroy
    Video.destroy(params[:id])
    redirect_to :action => :index
  end
end
And in the view I'm just displaying it: (in Haml)
- @page_title = 'Video'
#videos
  %ul
    = list_of(@videos) do |video|
      %h1= video.title
      != video.link
      = link_to "Delete", video_path(video), :method => :delete
  = link_to "Add new video", new_video_path
%p#top
  = link_to 'Go to top ↑', '#'
For those who don't use Haml: != escapes the string. video.link holds the YouTube embed code.
The problem is that when I create a new video and it redirects me back to the index page, the newly created video isn't displayed (the others are displayed normally). Only after I refresh the page is it displayed normally.
I saw in the web inspector that the src attribute is missing from the iframe (so that's why the video isn't displayed). But when I look in the page source, everything is normal there. So, thinking it may be JavaScript's fault, I tried disabling it. But nothing changed.
Upvotes: 1
Views: 2742
Reputation: 40277
I don't think you want to escape it using haml... I think you want to call
video.link.html_safe
Note: if the user is pasting in the link, this is very unsafe.
Update --- If you have the JavaScript developer console open, you'll see this error pop up:
**Refused to execute a JavaScript script. Source code of script found within request.**
Check this answer for why it's refusing due to XSS. Here's a method that is both safe and works. You'll paste the YouTube ID into the text field: ibWYROwadYs
index.erb
<% if session[:youtube].present? %>
  <iframe width="480" height="360" src="http://www.youtube.com/embed/<%= session[:youtube] %>" frameborder="0" allowfullscreen></iframe>
<% end %>

<%= form_tag load_path do %>
  <%= text_field_tag :youtube_id %>
  <%= submit_tag "Submit" %>
<% end %>

<%= link_to "Clear", clear_path, :method => :delete %>
home_controller.rb
class HomeController < ApplicationController
  def index
  end

  # routes.rb must map load_path (POST) to this action and clear_path (DELETE) to #clear
  def smth
    session[:youtube] = params[:youtube_id]
    redirect_to :action => :index
  end

  def clear
    session.clear
    redirect_to :action => :index
  end
end
Upvotes: 1
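As an added example (not code from the question or the answer), here is the validate-then-build approach that the answer's session-based version relies on, written as plain Ruby so it runs without Rails. The question's view hands the browser whatever HTML the user pasted; the safer pattern is to keep only an 11-character video ID, check it against a strict pattern, and construct the iframe on the server. `ERB::Util.html_escape` stands in for the escaping Rails applies inside `<%= %>`; the regex, helper names and sample inputs below are my own assumptions, not anything from the page.

```ruby
require 'erb'

# A YouTube video ID is exactly 11 characters from this alphabet (assumption
# used for validation; it is not part of the original answer).
YOUTUBE_ID = /\A[A-Za-z0-9_-]{11}\z/

# Accept either a bare ID or a pasted watch/embed/youtu.be URL and return the
# ID, or nil when nothing that looks like a valid ID can be found.
def extract_youtube_id(input)
  s = input.to_s.strip
  return s if s.match?(YOUTUBE_ID)
  m = s.match(%r{(?:youtu\.be/|/embed/|[?&]v=)([A-Za-z0-9_-]{11})(?![A-Za-z0-9_-])})
  m && m[1]
end

# Build the iframe from the validated ID only. User-supplied markup never
# reaches the page, so there is nothing to html_safe. Returns nil on any
# input that fails validation, so the view can simply render nothing.
def youtube_embed(input)
  id = extract_youtube_id(input)
  return nil unless id
  %(<iframe width="480" height="360" src="https://www.youtube.com/embed/#{ERB::Util.html_escape(id)}" frameborder="0" allowfullscreen></iframe>)
end

if __FILE__ == $0
  # Constructed sample: an "embed code" carrying an inline event handler,
  # the kind of thing `!= video.link` or `.html_safe` would emit verbatim.
  pasted = '<iframe src="https://www.youtube.com/embed/ibWYROwadYs" onload="alert(document.cookie)"></iframe>'
  puts ERB::Util.html_escape(pasted)   # escaped: shown as text, handler inert, but no video either
  puts youtube_embed(pasted)            # the ID is recovered from the URL and a clean iframe is built
  puts youtube_embed("https://www.youtube.com/watch?v=ibWYROwadYs&t=10")
  p   youtube_embed("javascript:alert(1)")  # nil: nothing resembling an ID
end
```

In the answer's `smth` action the same check belongs before the assignment: store `extract_youtube_id(params[:youtube_id])` rather than the raw parameter, and the `<%= session[:youtube] %>` interpolation then only ever sees an 11-character ID.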