How to HTML encode/escape a string? Is there a built-in?

html ruby-on-rails ruby escaping encode
kch picture kch · Mar 28, 2009 · Viewed 146.9k times · Source

I have an untrusted string that I want to show as text in an HTML page. I need to escape the chars '<' and '&' as HTML entities. The less fuss the better.

I'm using UTF8 and don't need other entities for accented letters.

Is there a built-in function in Ruby or Rails, or should I roll my own?

Answer

Christopher Bradford picture Christopher Bradford · Sep 30, 2010

Checkout the Ruby CGI class. There are methods to encode and decode HTML as well as URLs.

CGI::escapeHTML('Usage: foo "bar" <baz>')
# => "Usage: foo &quot;bar&quot; &lt;baz&gt;"

Related questions

Ruby on Rails: how to render a string as HTML?

I have @str = "<b>Hi</b>" and in my erb view: <%= @str %> What will display on the page is: <b>Hi</b> when what I really want is Hi. What's …

Read More
No route matches missing required keys: [:id]

I'm new at Rails and I've seem similar problems, but I can't solve mine. My routes: resources :users do resources :items end My models: class Item < ActiveRecord::Base belongs_to :user end class User < ActiveRecord::Base has_many :…

Read More
Loop in Ruby on Rails html.erb file

everybody I'm brand new with Ruby on Rails and I need to understand something. I have an instance variable (@users) and I need to loop over it inside an html.erb file a limitated number of times. I already used …

Read More