41
votes

In a Rails 3 application I have a domain class where one attribute stores pure HTML content (it's a blog app, the domain class is Post).

In the ERB templates, I need to display the content of the attribute as it was formmated, with the HTML tags in place. But, Rails is escaping all HTML tags! How can I disable this behaviour for this class attribute?

Example:

somePost = Post.new
somePost.content = "<strong> Hi, i'm here! </strong>"

In the erb template:

<%= somePost.content %>

The HTML generated is escaped:

&lt;strong&gt; Hi, i'm here! &lt;/strong&gt;
3

3 Answers

61
votes

Use raw(string), as described in the release notes.

7.4.3 Other Changes

You no longer need to call h(string) to escape HTML output, it is on by default in all view templates. If you want the unescaped string, call raw(string).

Basically, where you did

<%=h @model.attr %>

before you can now use

<%= @model.attr %>

and where you did that before you can now use

<%=raw @model.attr %>
61
votes

Try using raw(somePost.content). Alternatively, somePost.content.html_safe.

37
votes

Using a double equals means the result is not escaped...

<%== somePost.content %>

See this SO question about it - What does <%== %> do in rails erb?