HTML被逃出的link_to [英] html is being escaped in link_to
问题描述
我在尝试为present开会点击标记您实现链接。这个链接是一个辅助的方法:
I'm trying to implement a link, when clicked marks you as present for a meeting. This link is a method in a helper:
def link_to_remote_registration(event_id)
down_image = "down_blanco.png"
up_image = "up_blanco.png"
unless registration.nil?
if registration.present == 1
up_image = "up_filled.png"
elsif registration.present == 0
down_image = "down_filled.png"
end
end
link_to_remote_registration = String.new
loading_and_complete = "Element.show('indicator_event_"+event_id.to_s+"'); Element.hide('vote_"+event_id.to_s+"')".html_safe
complete = "Element.hide('indicator_event_"+event_id.to_s+"'); Element.show('vote_"+event_id.to_s+"')".html_safe
link_to_remote_registration =
link_to(image_tag(up_image , :id => 'will_not_attend_event_'+ event_id.to_s , border => 0),
:url => new_registration_path(:present => 1, :event_id => event_id, :escape => false),
:remote => true,
:method => :put,
:loading => loading_and_complete,
:complete => complete)
return link_to_remote_registration
end
现在的问题是,当我呈现在我看来,一些链接的HTML的被躲过使得链接无法正常工作。
The problem is that when I render the link in my view some of the html gets escaped making the link not work.
<a href="/calendar?complete=Element.hide%28%27indicator_event_1%27%29%3B+Element.show%28%27vote_1%27%29&loading=Element.show%28%27indicator_event_1%27%29%3B+Element.hide%28%27vote_1%27%29&method=put&remote=true&url=%2Fregistrations%2Fnew%3Fevent_id%3D1%26present%3D1">
<img id="will_not_attend_event_1" border="0" src="/images/up_blanco.png?1198181114" alt="Up_blanco">
</a>
我认为这不是一个有效的URL。我不知道为什么会这样 - 我所说的HTML逃逸的完整和装载字符串
Which I think is not a valid url. I wonder why this happens - i call the html escape on the complete and loading string.
问候
推荐答案
既然你从一个辅助传递HTML代码时,Rails进行消毒它XSS保护。您可以通过返回重写它:
Since you're passing the html from from a helper, Rails sanitizes it to protect from XSS. You can override it by returning:
link_to_remote_registration.html_safe
<一个href="http://railscasts.com/episodes/204-xss-protection-in-rails-3">http://railscasts.com/episodes/204-xss-protection-in-rails-3
这篇关于HTML被逃出的link_to的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
