I would like to have the title Ruby on Rails Tutorial Sample App | Foo's
Ruby on Rails Tutorial Sample App | Foo's
in my new.html.erb
page. My layout is :
<!DOCTYPE html>
<html>
<head>
<title><%= full_title(yield(:title)) %></title>
<%= stylesheet_link_tag "application", media: "all",
"data-turbolinks-track" => true %>
<%= javascript_include_tag "application", "data-turbolinks-track" => true %>
<%= csrf_meta_tags %>
</head>
<body>
<%= render 'layouts/header' %>
<div class="container">
<%= yield %>
</div>
</body>
my new.html.erb
:
<% provide(:title, "Foo's") %>
<h1>Sign up</h1>
<p>Find me in app/views/users/new.html.erb</p>
But my title is wrong :
How can I do it ?
--
Full_title
module ApplicationHelper
# Returns the full title on a per-page basis.
def full_title(page_title)
base_title = "Ruby on Rails Tutorial Sample App"
if page_title.empty?
base_title
else
"#{base_title} | #{page_title}"
end
end
end
I ran into this exact same thing and discovered a safer solution than using html_safe
.
First, the method:
def full_title(page_title)
base_title = "".html_safe
base_title << "Ruby on Rails Tutorial Sample App"
if page_title.present?
base_title << " | "
base_title << page_title
end
base_title
end
This escapes page_title
if it is unsafe, but leaves it unescaped if it is safe.
This allows "Foo's"
to display properly, but also escapes "<script>alert('foo')</script>"
-- for instance, if some malicious user manages to enter custom text into a field that is displayed in a title tag, or if you ever accidentally use risky text yourself.
The explanation boils down to this -- 'foo'.html_safe
returns an ActiveSupport::SafeBuffer which acts like a String in every way except one: When you append a String to a SafeBuffer (by calling + or <<), that other String is HTML-escaped before it is appended to the SafeBuffer. When you append another SafeBuffer to a SafeBuffer, no escaping will occur. Rails is rendering all of your views under the hood using SafeBuffers, so the updated method above ends up providing Rails with a SafeBuffer that we've controlled to perform escaping on the page_title
"as-needed" rather than "always".
Now, the credit for this answer goes entirely to Henning Koch, and is explained in far more detail at Everything you know about html_safe is wrong -- my recap above attempts only to provide the essence of the explanation in the event that this link ever dies.
I have found :
just add .html_safe
in my full_title
function
module ApplicationHelper
# Returns the full title on a per-page basis.
def full_title(page_title)
base_title = "Ruby on Rails Tutorial Sample App"
if page_title.empty?
base_title
else
"#{base_title} | #{page_title}".html_safe
end
end
end
You're using a custom helper : full_title
, that displays a base name followed by a |
character then what you provide.
If you want only your title, you should do :
<title><%= yield(:title) %></title>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.