Escaped and Unescaped Output in Rails 2 and Rails 3

By Keith Connolly on October 27, 2010


In Rails 2, strings were output raw. This means that any HTML in a string would be rendered as HTML, not shown as text. So <%= post.title %> would display the title, and if you wrapped your title in <strong> tags the title would be bold. If you do NOT want raw output, you have to call the h method, like this:

<%=h post.title %>

In Rails 3, however, all output is automatically escaped. That's great, since most output needs to be escaped by default. It saves a lot of time and effort not having to put an h in front of every string you want to display escaped. But what if you need to display HTML? You might want raw output for a WYSIWYG (What You See Is What You Get) field, for example where a tool like TinyMCE lets the user write rich HTML into a post's body. A simple call to raw(string) produces raw, unescaped output.

<%= raw(post.body) %>
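The difference described above, as an added example that is not code from the original post: a small Ruby model of the `<%= %>` output step with and without automatic escaping. `View`, `SafeString`, `rails2`, `rails3` and the sample post are names constructed for this illustration; only `h` and `raw` are helper names from the post, and Rails' real implementation differs.

```ruby
require "erb"

# Simplified stand-in for a string type flagged as already safe to emit as HTML.
class SafeString < String; end

Post = Struct.new(:title, :body)
# Constructed sample post: markup in the title, a script tag in the body.
SAMPLE = Post.new("<strong>Hi</strong>", "<p>Body</p><script>x()</script>")

# Minimal view context (hypothetical, for illustration only).
class View
  attr_reader :post

  def initialize(post, auto_escape)
    @post = post
    @auto_escape = auto_escape
  end

  # Escape HTML metacharacters; the result is flagged safe so that
  # auto-escaping does not escape it a second time.
  def h(value)
    SafeString.new(ERB::Util.html_escape(value.to_s))
  end

  # Flag a string as trusted without changing its contents.
  def raw(value)
    SafeString.new(value.to_s)
  end

  # Evaluate each <%= ... %> tag and emit the result: verbatim in
  # Rails 2 mode, escaped unless flagged safe in Rails 3 mode.
  def render(template)
    template.gsub(/<%=(.*?)%>/) do
      value = instance_eval(Regexp.last_match(1))
      if @auto_escape && !value.is_a?(SafeString)
        ERB::Util.html_escape(value.to_s)
      else
        value.to_s
      end
    end
  end
end

def rails2(template)
  View.new(SAMPLE, false).render(template)
end

def rails3(template)
  View.new(SAMPLE, true).render(template)
end
```

`raw` only flags the string as trusted, so the script tag in the constructed body is emitted unchanged; for user-authored WYSIWYG content, Rails' `sanitize` helper is the usual filter to apply before output.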

 
