I'm building a website for my Web Dev class, and I'm stuck on rendering HTML. I want to be able to use a simple form (Pretty much all I have right now is a scaffold for this controller, and I attempted sticking a content_type into my controller, but no progress.) to submit text and have it rendered as HTML. The idea is that, since this class requires a bunch of crap copied out of the book as examples and reference for HTML, maybe I could serve them up in the same way as the blog posts. (All on the same page, using the same layout. The only thing that changes is a content div below the Blog list and the Data (Controller in question) list.)

So, in short, my question is: How do I get text fetched from DB to render the html tags rather than displaying as plaintext?

Thank you, and please let me know if supplementary information is necessary. Cameron

Edit: (Adding code. It's really almost nothing past scaffolding, but, whatevs.) Also, not sure how the code snippet tool is supposed to work. I hope it folds.

    class DatapostsController < ApplicationController
      before_filter :header

      def header
        response.headers['Content-type'] = 'text/html; charset=utf-8'
      end

      # GET /dataposts
      # GET /dataposts.xml
      def index
        @dataposts = Datapost.all
        @posts = Post.all

        respond_to do |format|
          format.html # index.html.erb
          format.xml  { render :xml => @dataposts }
        end
      end

      # GET /dataposts/1
      # GET /dataposts/1.xml
      def show
        @dataposts = Datapost.all
        @datapost = Datapost.find(params[:id])
        @posts = Post.all

        respond_to do |format|
          format.html # show.html.erb
          format.xml  { render :xml => @datapost }
        end
      end
    end


This is the view where it's to be rendered. It's a partial that's called from a content_for that's called by the homepage.

    <p>
      <small>Post title</small>
      <%=h @datapost.title %>
    </p>
    <hr />
    <p>
      <%=h @datapost.body %>
    </p>
    <hr />
    <hr />

    <%= link_to 'Back', dataposts_path %>

I'll go ahead and push what I have onto prod. server for an idea of what I want the functionality to be like.

http://www.sanarothe.com (~5 minutes after edit)

  • Why not post your code - it'll be much easier to suggest what the fix might be then. Commented Apr 28, 2009 at 20:58
  • You do need to post the view code. Just paste it into the textbox, select it, and hit the button that looks like binary on the top of the textbox. Don't add HTML tags. Commented Apr 28, 2009 at 21:45

1 Answer

The h method you're calling here:

<%=h @datapost.body %>

is also known as html_escape - here's the relevant link in the documentation. Remove it and your HTML tags should render appropriately.

You should always display code you get from a user with the h method to prevent cross-site scripting attacks. But if it's code you scraped from a book (or whatever) it should be fine.

1 Comment

Aha! Thanks. It's always something simple >.<
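The trade-off the answer describes, as an added example that is not part of the original thread: the body is emitted verbatim only for records the site owner entered, and escaped with `h` for everything else. The `trusted` flag, the `display_body` helper and the sample rows are hypothetical and constructed for illustration; plain ERB stands in for the Rails view.

```ruby
require 'erb'

# Constructed stand-in for the page's Datapost model; `trusted` is a
# hypothetical flag marking content the site owner entered themselves.
Datapost = Struct.new(:title, :body, :trusted)

module BodyHelper
  include ERB::Util # provides h / html_escape, the same helper the view calls

  # Emit markup verbatim only for trusted records; escape everything else.
  def display_body(post)
    post.trusted ? post.body : h(post.body)
  end
end

# Same shape as the partial in the question, with the body routed through
# display_body instead of an unconditional h. The title is always escaped.
TEMPLATE = ERB.new(<<~VIEW)
  <p><small>Post title</small> <%= h post.title %></p>
  <hr />
  <div><%= display_body(post) %></div>
VIEW

class ViewContext
  include BodyHelper

  def render(post)
    TEMPLATE.result(binding)
  end
end

def render_post(post)
  ViewContext.new.render(post)
end

# Constructed sample rows: one book excerpt, one visitor submission.
BOOK_EXAMPLE = Datapost.new('Headings', '<h1>Chapter 2</h1><p>Tags render.</p>', true)
VISITOR_POST = Datapost.new('Hi <b>', '<script>alert(1)</script>', false)

if __FILE__ == $PROGRAM_NAME
  puts render_post(BOOK_EXAMPLE)  # tags reach the browser as markup
  puts render_post(VISITOR_POST)  # tags reach the browser as inert text
end
```

When content needs some tags but is not fully trusted, the Rails `sanitize` view helper (allowlist-based) is the usual middle ground between `h` and raw output.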
