Tuesday, May 3, 2011

(rails) taking from DB and rendering into HTML

Hi. I'm building a website for my Web Dev class, and I'm stuck on rendering HTML. I want to be able to use a simple form (pretty much all I have right now is a scaffold for this controller, and I attempted sticking a content_type into my controller, but no progress) to submit text and have it rendered as HTML. The idea is that, since this class requires a bunch of crap copied out of the book as examples and reference for HTML, maybe I could serve them up in the same way as the blog posts. (All on the same page, using the same layout. The only thing that changes is a content div below the Blog list and the Data (Controller in question) list.)

So, in short, my question is: How do I get text fetched from DB to render the HTML tags rather than displaying as plaintext?

Thank you, and please let me know if supplementary information is necessary. Cameron

Edit: (Adding code. It's really almost nothing past scaffolding, but, whatevs.) Also, not sure how the code snippet tool is supposed to work. I hope it folds.

class DatapostsController < ApplicationController

  before_filter :header

  def header
    response.headers['Content-type'] = 'text/html; charset=utf-8'
  end

  # GET /dataposts
  # GET /dataposts.xml
  def index
    @dataposts = Datapost.all
    @posts = Post.all

    respond_to do |format|
      format.html # index.html.erb
      format.xml  { render :xml => @dataposts }
    end
  end

  # GET /dataposts/1
  # GET /dataposts/1.xml
  def show
    @dataposts = Datapost.all
    @datapost = Datapost.find(params[:id])
    @posts = Post.all

    respond_to do |format|
      format.html # show.html.erb
      format.xml  { render :xml => @datapost }
    end
  end
end


This is the view where it's to be rendered. It's a partial that's called from a content_for that's called by the homepage.

<p>
  <small>Post title</small>
  <%=h @datapost.title %>
</p>
<hr />
<p>
  <%=h @datapost.body %>
</p>
<hr />
<hr />


<%= link_to 'Back', dataposts_path %>

I'll go ahead and push what I have onto prod. server for an idea of what I want the functionality to be like.

http://www.sanarothe.com (~5 minutes after edit)

From stackoverflow
  • The h method you're calling here:

    <%=h @datapost.body %>
    

    is also known as html_escape - here's the relevant link on Railsbrain. Remove it and your HTML tags should render appropriately.

    You should always display code you get from a user with the h method to prevent cross-site scripting attacks. But if it's code you scraped from a book (or whatever) it should be fine.
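The trade-off in the answer above, as an added example that is not part of the original post or of Rails itself: the same body rendered unescaped, escaped with `html_escape`, and through an escape-then-allowlist step that keeps simple formatting tags but leaves script markup inert. The sample records, the `ALLOWED_TAGS` list and all function names are assumptions made for illustration.

```ruby
require 'erb'

# Constructed sample rows standing in for Datapost records (not from the page).
Datapost = Struct.new(:title, :body)
BOOK_EXAMPLE = Datapost.new('Bold text', '<p>Use <b>bold</b> sparingly.</p>')
VISITOR_POST = Datapost.new('Hi', '<b>hello</b><script>alert(1)</script>')

# Hypothetical allowlist: tags restored after escaping, always without
# attributes, so event handlers and URLs can never come back with them.
ALLOWED_TAGS = %w[p b i em strong code pre ul ol li br hr].freeze

# What <%=h @datapost.body %> emits: every tag becomes visible text.
def escaped_body(post)
  ERB::Util.html_escape(post.body)
end

# The view with h removed, as the answer suggests: markup passes through as-is.
def raw_body(post)
  post.body
end

# Middle ground: escape everything, then turn back only bare allowlisted tags.
def allowlisted_body(post)
  escaped_body(post).gsub(%r{&lt;(/?)([a-z]+)&gt;}) do
    ALLOWED_TAGS.include?($2) ? "<#{$1}#{$2}>" : $&
  end
end

# Stand-in for the show partial, rendering the body with the chosen strategy.
SHOW_VIEW = ERB.new("<p>\n  <%= body %>\n</p>")

def render_show(post, strategy)
  body = send(strategy, post)
  SHOW_VIEW.result(binding)
end

if __FILE__ == $PROGRAM_NAME
  %i[raw_body escaped_body allowlisted_body].each do |strategy|
    puts "== #{strategy}", render_show(VISITOR_POST, strategy)
  end
end
```

In Rails 3 and later, `<%= %>` escapes by default and unescaped output has to be requested explicitly. Rails also ships a `sanitize` helper that does allowlist filtering with a real HTML parser, which is the better choice inside an application than the regex stand-in used here.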
