
I recently made a small rails3 app to convert an old cms written in another language. After migrating the content I am having problems outputting content from the database.

The @content.desc field sometimes has html. Currently the only way I could get it to work was:

<%= sanitize content.desc %>

But is this the best way? When I use <%=h @content.desc %> I can see the html tags still. When I use <%= simple_format @content.desc %> I get wicked spacing.

Is there a definitive guide somewhere where I can see all of the options while outputting content? I've tried to search but can't turn anything up (rails newb, i know).


3 Answers


By default, any string not marked as "safe" is HTML-escaped in Rails 3. Some methods, such as sanitize, h, link_to and many other helpers, return safe strings, which allows them to be written out literally. See this blog post for more information.

If you are sure that the HTML contained in @content.desc is safe, you can mark it yourself like this: <%= @content.desc.html_safe %>

answered 2011-01-14T00:06:01.990
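A simplified model of the mechanism this answer describes, added here as an example and not Rails' own code: a `SafeString` class standing in for ActiveSupport::SafeBuffer, an `output` function playing the role of ERB's `<%= %>`, and toy stand-ins for the `h` and `sanitize` helpers, so the four template variants from the question can be compared on one constructed content string (`DESC`).

```ruby
require 'cgi'

# Strings are untrusted by default; SafeString marks content the caller vouches for.
class SafeString < String
  def html_safe?; true; end
  # Appending untrusted text to a safe string escapes that text, so the marker
  # cannot be used to smuggle raw input through.
  def +(other)
    trusted = other.respond_to?(:html_safe?) && other.html_safe?
    SafeString.new(super(trusted ? other.to_s : CGI.escapeHTML(other.to_s)))
  end
end

class String
  def html_safe?; false; end
  # Like String#html_safe in Rails: the caller asserts the markup is trusted.
  def html_safe; SafeString.new(self); end
end

# What ERB's <%= %> does in Rails 3: escape unless the value is already marked safe.
def output(value)
  value.respond_to?(:html_safe?) && value.html_safe? ? value.to_s : CGI.escapeHTML(value.to_s)
end

# Stand-in for the h helper: escape, then return the result marked safe.
def h(value)
  CGI.escapeHTML(value.to_s).html_safe
end

# Toy stand-in for sanitize: keep a few harmless tags (attributes dropped), strip every
# other tag, return the result marked safe. Rails' real sanitizer does far more.
ALLOWED_TAGS = %w[p b i em strong].freeze
def sanitize(html)
  html.gsub(%r{<(/?)([a-zA-Z0-9]+)[^>]*>}) {
    ALLOWED_TAGS.include?($2.downcase) ? "<#{$1}#{$2}>" : ''
  }.html_safe
end

# Constructed sample of a migrated description carrying markup plus a script.
DESC = '<p>Hello <b>world</b></p><script>alert(1)</script>'.freeze

# The four template variants from the question, applied to the same content.
def render_variants(desc = DESC)
  {
    plain:     output(desc),            # <%= @content.desc %>: tags visible, escaped
    h:         output(h(desc)),         # <%= h @content.desc %>: same result
    html_safe: output(desc.html_safe),  # <%= @content.desc.html_safe %>: raw, script too
    sanitize:  output(sanitize(desc))   # <%= sanitize @content.desc %>: script stripped
  }
end
```

The `html_safe` row shows why marking migrated content safe is only acceptable when its source is trusted: the marker turns escaping off entirely, whereas `sanitize` keeps the markup but drops the script.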

Rails 3 has changed HTML sanitizing to be on by default. If you are sure the string you are rendering is safe, you can use

<%= @content.desc.html_safe! %>

answered 2011-01-14T00:10:54.697

Unless I am mistaken, you do not have to sanitize the content before displaying it, because Rails 3 does that by default. More info here: http://yehudakatz.com/2010/02/01/safebuffers-and-rails-3-0/

answered 2011-01-14T00:05:10.543