将带有撇号的字符串传递给辅助方法无法正确显示
[英]Passing string with apostrophe to helper method doesn't display correctly
问题描述
I'm using a helper method from the rails tutorial which concatenates two strings together for use in the title selector in the view. 
我正在使用rails教程中的一个帮助器方法,它将两个字符串连接在一起,以便在视图中的标题选择器中使用。 It works perfectly fine, unless there is an apostrophe in the string. 它工作得非常好,除非字符串中有撇号。
When :group_name contains an apostrophe it comes out like this: 当:group_name包含一个撇号时,它会像这样出现:
<title>The website | O&#x27;Malley Brothers</title>
Here is the method: app/helpers/application_helper.rb 这是方法:app / helpers / application_helper.rb
module ApplicationHelper
def full_title(page_title)
base_title = "Chicago Improv Festival"
if page_title.empty?
base_title
else
"#{base_title} | #{page_title}"
end
end
end
Here is how it's used in the layout view. 以下是它在布局视图中的使用方式。 app/views/layouts/application.html.erb: 应用程序/视图/布局/ application.html.erb:
<title><%= full_title(yield(:title)) %></title>
Here is where the :title is set in another view file: app/views/submissions/show.html.erb 以下是:标题在另一个视图文件中设置的位置:app / views / submissions / show.html.erb
<% provide(:title, @submission.group_name) %>
2 个解决方案
解决方案1
9 已采纳 2012-10-24 15:34:47
你需要添加.html_safe这样撇号就不会被转义。
"#{base_title} | #{page_title}".html_safe
解决方案2
4 2015-11-16 09:47:37
It's a bad idea to call .html_safe willy nilly. 不.html_safe地打电话给.html_safe是一个坏主意。 Unless you have full control over base_title and page_title then you're opening yourself up to an attack, though I'm not sure what kind of attacks can exploit the <title></title> tag. 除非你完全控制base_title和page_title否则你会打开攻击,但我不确定哪种攻击可以利用<title></title>标记。
I had the same problem. 我有同样的问题。 The solution was not to use string interpolation, instead: 解决方案不是使用字符串插值,而是:
base_title + ' | ' + page_title
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.