Topic: rendering html in show scaffold

I created a blog scaffold and created my first post. Works like you would expect with the scaffold.  I'd like to expand on it from here and have it render the html in the summary field.  Right now it looks like this:

Wow, this is so fast<br /> Does it understand <b>html</b>?

Instead I'd like to have it actually use those html tags. I poked around in Mephisto but they seem to be using something called liquid templates which might be overkill for me. 


Thanks..
Vince

Re: rendering html in show scaffold

How are you displaying the blog post summary? Since it is using HTML directly, it should just work, unless you are wrapping the output in the "h" method, which escapes all HTML tags to prevent malicious attacks through HTML injection.


Don't do this:

Summary: <%= h post.summary %>

Do this:

Summary: <%= post.summary %>

Railscasts - Free Ruby on Rails Screencasts

Re: rendering html in show scaffold

Ah, I've often wondered what that 'h' was for.  Yes, removing it from the scaffold solved my problem.  Thank you!

As a follow-up, is there a simple way to have it interpreted as plain text instead? So the carriage returns come through?  Eventually I'll create a checkbox for my users to select how to format, either plain text or html.

Thanks..

Last edited by viniosity (2006-08-25 14:33:09)

Re: rendering html in show scaffold

Yep! There's a helper method called simple_format that just adds the line breaks:

Summary: <%= simple_format(post.summary) %>

BTW, make sure you trust the users before allowing them to type in HTML directly. Just leaving a tag open can really screw up the site layout.

Railscasts - Free Ruby on Rails Screencasts

Re: rendering html in show scaffold

ryanb wrote:

BTW, make sure you trust the users before allowing them to type in HTML directly. Just leaving a tag open can really screw up the site layout.

Thank you!  Is there an easy way to constrain the allowable tags?  Maybe allow formatting tags (bold, italic, underline) but not others?  I found a link (haven't tried this yet) which allows adding easy formatting via javascript.  Still an advanced user might insert something malicious without a search.

link: http://www.aidanf.net/adding-a-rich-tex … pplication

Re: rendering html in show scaffold

Look into the other text helper methods, specifically textilize and markdown. Those allow you to do simple formatting, but I think they still accept HTML tags so I don't know how secure it is.

If you do go with Textile or Markdown, don't forget to install the related RedCloth/BlueCloth gem.

Railscasts - Free Ruby on Rails Screencasts

Re: rendering html in show scaffold

ryanb wrote:

Look into the other text helper methods, specifically textilize and markdown. Those allow you to do simple formatting, but I think they still accept HTML tags so I don't know how secure it is.

<%= textilize h @something.content %>

Just escape the HTML before applying textile/markdown and you should be good. Users might hate you but you'll be safe from screwed up HTML :)

vinnie - rails forum admin
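
Added example, not part of the original thread: one way to combine the points raised above (escape everything as `h` does, allow only plain formatting tags, and close any tag left open). `format_summary`, `ALLOWED_TAGS` and `VOID_TAGS` are hypothetical names, not Rails helpers, and the sample inputs in the comments are constructed.

```ruby
require "erb"

# Hypothetical allowlist: only attribute-free formatting tags are restored.
ALLOWED_TAGS = %w[b i u].freeze   # paired tags
VOID_TAGS    = %w[br].freeze      # tags with no closing form

# Matches an already-escaped tag that carries no attributes,
# e.g. "&lt;b&gt;", "&lt;/b&gt;" or "&lt;br /&gt;".
ESCAPED_TAG = %r{&lt;(/?)([A-Za-z]+)\s*(/?)&gt;}

# Escape all markup first (the same thing "h" does), then turn back only
# the allowlisted tags and append closers for any the user left open.
def format_summary(text)
  escaped = ERB::Util.html_escape(text.to_s)
  open_tags = []
  html = escaped.gsub(ESCAPED_TAG) do |original|
    closing    = !$1.empty?
    name       = $2.downcase
    self_close = !$3.empty?
    if VOID_TAGS.include?(name)
      closing ? original : "<#{name} />"
    elsif !ALLOWED_TAGS.include?(name) || self_close
      original                      # stays escaped, shown as literal text
    elsif closing
      if open_tags.last == name     # only accept properly nested closers
        open_tags.pop
        "</#{name}>"
      else
        original
      end
    else
      open_tags.push(name)
      "<#{name}>"
    end
  end
  # Close whatever is still open so the page layout cannot be broken.
  html + open_tags.reverse.map { |t| "</#{t}>" }.join
end

# Constructed inputs:
#   format_summary("<b>bold and <i>nested")   # tags get closed
#   format_summary('<b onclick="x">hi</b>')   # attributes keep it escaped
```

Because tags with attributes never match the pattern, they stay escaped and show up as literal text. The result is meant to be written into the view without a further `h` call.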