Ruby on Rails: how to render a string as HTML?

by

UPDATE

For security reasons, it is recommended to use sanitize instead of html_safe.

<%= sanitize @str %>

What’s happening is that, as a security measure, Rails is escaping your string for you because it might have malicious code embedded in it. But if you tell Rails that your string is html_safe, it’ll pass it right through.

@str = "<b>Hi</b>".html_safe
<%= @str %>

OR

@str = "<b>Hi</b>"
<%= @str.html_safe %>

Using raw works fine, but all it’s doing is converting the string to a string, and then calling html_safe. When I know I have a string, I prefer calling html_safe directly, because it skips an unnecessary step and makes clearer what’s going on. Details about string-escaping and XSS protection are in this Asciicast.

More Related Contents:

  1. How to HTML encode/escape a string? Is there a built-in?
  2. How to avoid joining all text from Nodes when scraping
  3. How do I encode/decode HTML entities in Ruby?
  4. How to strip HTML tags from a string in SQL Server?
  5. How can I force a long string without any blank to be wrapped?
  6. Test if string is a number in Ruby on Rails
  7. Converting camel case to underscore case in ruby
  8. Form is submitted when I click on the button in form. How to avoid this?
  9. How do I set the HTML options for collection_select in Rails?
  10. How do I pretty-print HTML with Nokogiri?
  11. AngularJS: Insert HTML from a string
  12. Why is the first element always blank in my Rails multi-select, using an embedded array?
  13. Strip all HTML tags except links
  14. Converting string from snake_case to CamelCase in Ruby
  15. How do I parse an HTML table with Nokogiri?
  16. String attribute values in multiple lines, HTML
  17. What does #/ means in url?
  18. How to URL encode a string in Ruby
  19. How to check if a string is a valid date
  20. Adding icon to rails application
  21. How to get the HTML source of a webpage in Ruby [duplicate]
  22. Can’t scroll HTML page down to see full content
  23. Center a DIV horizontally and vertically [duplicate]
  24. How to create custom tags for HTML [closed]
  25. Css height in percent not working [duplicate]
  26. Circular percent progress bar
  27. CSS side by side div’s auto equal widths
  28. What is it when a link has a pound “#” sign in it
  29. Stylesheet taken-over/replaced by Chinese characters
  30. Bootstrap 3 Flush footer to bottom. not fixed

Leave a Comment