Problem with escaping HTML characters in Rails 3

Question

I use foo helper function in my view:

 <%= foo ["hello", "stack", "overflow"] %>

When foo is defined like this:

def foo(arr)
  result = ''
  arr.each do |a|
    result += content_tag(:div, a)
  end
  result
end

The page renders:

<div>hello</div><div>stack</div><div>overflow</div>

But, if change foo's definition to be:

def foo(arr)
  content_tag(:div, arr[0]) + content_tag(:div, arr[1]) + content_tag(:div, arr[2])
end

I get the expected result:

hello
stack
overflow

How would you fix foo's definition above to get the expected result ? (i.e. I don't want the characters to be escaped)

apneadiving · Accepted Answer · 2011-05-08T14:46:11.823

2

Try this:

def foo(arr)
  result = ''
  arr.each do |a|
    result += content_tag(:div, a)
  end
  raw result
end

Edit.

To be clearer, you're creating a string and Rails doesn't know whether or not it's safe to display. To be even more precise, Rails has no doubt concerning the content_tags it creates.

So you could solve your problem telling rails your initializer string is safe:

def foo(arr)
  result = ''.html_safe
  arr.each do |a|
    result += content_tag(:div, a)
  end
  result
end

edited May 08 '11 at 14:46

answered May 08 '11 at 13:04

apneadiving

110,730
25
209
207

Thanks. It solved the problem. However, I still wonder why `raw` is needed. Could you elaborate on that please ? – Misha Moroshko May 08 '11 at 13:47

Problem with escaping HTML characters in Rails 3

1 Answers1