The bug is that when you concatenate HTML strings in helper methods, Rails will automatically HTML escape the string under certain conditions. There is NO way to tell Rails not to do this. Here is an example that reproduces the problem. Add these two methods to your application helper:
Then simply output the outer_helper method in one of your views:
<%= outer_helper %>
This is the result:
about to call inner_helper method
inside p content tag
a space should be between the following words: hello worldmore <span style="font-weight:bold;">dirty HTML</span>inside div content tag
outside of inner_helper method in p tag
This is obviously not what it should be producing. Rails 3 automatically escapes HTML rendered, but you can simply call .html_safe on the output to mark that you don't want it to escape, or call raw(string), from what I've read. But these don't exist in Rails 2.3.8. This bug has been fixed in this commit to the Rails code, which has been included in Rails 2.3.9.
The blog posting at http://breakthebit.org/post/647352254/rails-2-3-8-forced-html-escaping-of-concatenated shows some ways you can get around this, but in my opinion you shouldn't have to work around this. Just stick with 2.3.5, or if you're brave you can try 2.3.9.
3 comments:
The newly released Rails 2.3.9 fixes this problem. I've revised the blog posting to reflect this.
No thanks. According to the Ruby on Rails 2.3.9 comments, it appears that 2.3.9 breaks even more items.
Yeah, I have a later blog posting at http://rails.brentsowers.com/2010/09/upgrade-to-rails-239-session-no-longer.html that shows why I'm not upgrading to 2.3.9. I've modified this blog posting with a link to the killer 2.3.9 for me.
Post a Comment