[英]Using ruby variables as html code
I would expect that the following: 我希望以下内容:
<div style="padding-top:90px;"><%= u.one_line %></div>
simply pulls whatever is in u.one_line (which in my case is text from database), and puts it in the html file. 只需提取u.one_line中的内容(在我的情况下是数据库中的文本),然后将其放入html文件中。 The problem I'm having is that sometimes, u.one_line has text with formatted html in it (just line breaks).
我遇到的问题是,有时u.one_line中包含带有格式化html的文本(只是换行符)。 For example sometimes:
例如有时:
u.one_line is "This is < / b r > awesome"
and I would like the page to process the fact that there's a line break in there... I had to put it with spaces up ^^^ here because the browser would not display it otherwise on stackoverflow. 并且我希望页面能够处理其中存在换行的事实……我不得不在此处使用^^^空格,因为浏览器不会在stackoverflow上显示它。 But on my server it's typed correctly, unfortunately instead of the browser processing the line break, it prints out the "< / b r>" part...
但是,在我的服务器上,它的键入正确,但是不幸的是,浏览器没有处理换行符,而是打印出“ </ b r>”部分...
I hope you guys understand what I mean :(? 我希望你们能理解我的意思:(?
always remember to use raw
or html_safe
for html output in rails because rails by default auto-escapes html content for protecting against XSS attacks. 始终记住要在rails中使用html输出使用
raw
或html_safe
,因为Rails默认情况下会自动转义html内容以防止XSS攻击。
for more see When to use raw() and when to use .html_safe 有关更多信息,请参见何时使用raw()和何时使用.html_safe
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.