[英]Rails 3 widget helper partial
I ran into a big problem in moving my application to Rails 3. I have a view helper which i call 'WidgetHelper'. 我将应用程序移动到Rails 3时遇到了一个大问题。我有一个视图助手,我称之为'WidgetHelper'。 It helps to render some partials automatically when i refer to it. 当我引用它时,它有助于自动渲染一些部分。 For example 例如
<%= widget('loginbox', :global => true) %>
But it not works correctly. 但它不能正常工作。 It renders HTML code as I want, but escapes the return value, what is not expected. 它会根据需要呈现HTML代码,但会转义返回值,这是不期望的。 How can I tell to render (or to something) to not escape the return value for me? 我怎么能告诉渲染(或某事) 不要逃避我的返回值?
Here is my code: 这是我的代码:
def widget(widget, options={})
begin
unless options[:fullpath]
render :partial => widget_path(widget, options[:global])
else
render "widgets/#{widget}"
end
rescue ActionView::MissingTemplate
"<!-- widget: #{widget.inspect}, #{options.inspect} -->"
end
end
def widget(widget, options={})
begin
unless options[:fullpath]
raw render(:partial => widget_path(widget, options[:global]))
else
raw render("widgets/#{widget}"))
end
rescue ActionView::MissingTemplate
raw "<!-- widget: #{widget.inspect}, #{options.inspect} -->"
end
end
The raw
method of Rails 3 does the reverse of h
method in Rails 2. Escaping a string was done with the h
method on Rails 2. On Rails 3, strings output from a view are escaped by default, and the escaping can be disabled by the raw
method. 所述raw
的Rails 3的方法做的反向h
方法中的Rails 2逃逸的字符串用的做h
on Rails的方法2.在导轨3,从一个视图输出字符串由默认逃出,并且逃逸可以通过禁用raw
方法。
Rails 3 changed the way that content filtering works - it by default assumes you want everything filtered. Rails 3改变了内容过滤的工作方式 - 默认情况下假设您希望过滤所有内容。
You can correct this using html_safe
: 您可以使用html_safe
更正此html_safe
:
"<!-- widget: #{widget.inspect}, #{options.inspect} -->".html_safe
See: http://asciicasts.com/episodes/204-xss-protection-in-rails-3 请参阅: http : //asciicasts.com/episodes/204-xss-protection-in-rails-3
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.