如何使用 Rails 在标题标签上显示一些 HTML 实体 [英] How to show some HTML entities on title tag using Rails
问题描述
我正在运行 Rails 4.2.x,但遇到以下问题.
某些页面的
是根据用户内容生成的.所以我必须使用 sanitize
Rails 助手来正确清理它.
但是如果用户写了类似A&B"的东西,浏览器中显示的标题是A&B
这是错误的.
使用 Rails 转义
标签上的用户内容的正确方法是什么?至少应该包含一些特殊字符...
我们可以使用 CGi还有
title = "A & B"=>A&B"string = CGI.escapeHTML(title)=>A&B"string = CGI.unescapeHTML(title)=>A&B"
Rails 提供了很多逃生选项
参考这些链接:
raw vs. html_safe vs. h to unescape html
如果你想删除标签,你可以使用 SanitizeHelper>
另一种选择:WhiteListSanitizer
white_list_sanitizer = Rails::Html::WhiteListSanitizer.newwhite_list_sanitizer.sanitize(s, 标签: %w())white_list_sanitizer.sanitize(s, tags: %w(table tr td), attributes: %w(id class style))
您也可以使用Rails::Html::TargetScrubber>
I'm running Rails 4.2.x and I have the following problem.
The <title>
of some pages are generated from user content. So I have to use the sanitize
Rails helpers to properly clean it up.
But if the user writes something like "A & B", the title shown in browser is A & B
which is wrong.
What's the correct way of escaping user content on the <title>
tag using Rails? At least some special characters should be included...
We can use CGi also
title = "A & B"
=> "A & B"
string = CGI.escapeHTML(title)
=> "A & B"
string = CGI.unescapeHTML(title)
=> "A & B"
Rails providing so many options to escape
Refer these links:
raw vs. html_safe vs. h to unescape html
How to HTML encode/escape a string? Is there a built-in?
If you want remove tags you can use SanitizeHelper
One more option : WhiteListSanitizer
white_list_sanitizer = Rails::Html::WhiteListSanitizer.new
white_list_sanitizer.sanitize(s, tags: %w())
white_list_sanitizer.sanitize(s, tags: %w(table tr td), attributes: %w(id class style))
You can use Rails::Html::TargetScrubber also
这篇关于如何使用 Rails 在标题标签上显示一些 HTML 实体的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!