Re: [Rails] Please help: quotes in views

[tamouse mailing lists]

On Thu, Mar 21, 2013 at 4:27 PM, Y S <yusu...@gmail.com> wrote:
> Say I have a hidden field inside a form which tells me which quote character
> some file uses. The details are irrelevant, but I need to have a string
> value that could have a double quote. Assume we have a variable
>
> @quote_char = '"'
>
> Now, in the view, I try all of these
>
> <input type='hidden' name='quote_char' value=<%=
> html_escape(@quote_char) %> >
> <input type='hidden' name='quote_char' value="<%=
> html_escape(@quote_char) %>" >
> <input type='hidden' name='quote_char' value="<%= @quote_char %>" >
> <input type='hidden' name='quote_char' value=<%= @quote_char.inspect %>
>>
> <%= hidden_field_tag :quote_char, @quote_char %>
>
> None of these give well-formed HTML that was interpreted correctly by the
> browser. The only one that seemed to work was
> <input type='hidden' name='quote_char' value=<%=
> html_escape(@quote_char).inspect %> >
> which gave
> <input type='hidden' name='quote_char' value="&quot;" >
>
> So what exectly is the correct way to handle strings possibly containing
> quotes in views. Obviously the string may or may not contain said quotes
> every time the view is generated so there should be a general way to handle
> this with some helper function, etc.

Going into the Rails console, perhaps you can see what is happening:

Loading development environment (Rails 3.1.3)
1.9.3p194 :001 > qc = '"'
=> "\""

(the next line loads up the ERB utilities, including html_escape)

1.9.3p194 :002 > include ERB::Util
=> Object

(Just calling the function is like html_escape(qc).inspect)

1.9.3p194 :003 > html_escape(qc)
=> "&quot;"

(To be more like what is happening in your erb file, let's print it)

1.9.3p194 :005 > puts html_escape(qc)
&quot;
=> nil

So seeing that, it's probably obvious why your call with .inspect
worked -- it emitted the double quote marks around the content, which
is one of the things .inspect does.

But to just put it into the erb file embedded in html, all you should
need to do is:

<input type='hidden' name='quote_char' value='<%= html_escape(@quote_char) %>' >

[Y S]

Thank you! I just had a couple of questions:

How should we approach the problem is the tab character is to be included in the string. For example,

<% c = '\t' %>

<input type='hidden' name='char' value='<%=html_escape(c) %>' >

just shows the tab as a space.

Also, shouldn't Rails helper tags use single quotes since they work in both cases:

<% c1 = "'" %>

<input type='hidden', name='char1' value='<%= html_escape(c1) %>'>

<% c2 = '"' %>

<input type='hidden', name='char2' value='<%= html_escape(c2) %>'>

Thanks! I really appreciate the discussion.

[tamouse mailing lists]

On Mon, Mar 25, 2013 at 2:58 PM, Y S <yusu...@gmail.com> wrote:
> How should we approach the problem is the tab character is to be included in
> the string. For example,
>
> <% c = '\t' %>
> <input type='hidden' name='char' value='<%=html_escape(c) %>' >
> just shows the tab as a space.

The tab char (\t) is not converted by html_escapes() as far as I know;
if you want to make it an HTML-ish entity, you're probably going to
have to encode that yourself (it's &#0011; , btw). Even so, I'm not
sure what the value of that would be, as it doesn't actually seem to
fill up any space in an input text box.

> Also, shouldn't Rails helper tags use single quotes since they work in both
> cases:
> <% c1 = "'" %>
> <input type='hidden', name='char1' value='<%= html_escape(c1) %>'>
>
> <% c2 = '"' %>
> <input type='hidden', name='char2' value='<%= html_escape(c2) %>'>

In both cases, the characters c1 and c2 are being converted to HTML
entities, &apos; and &quot; respectively, and no longer contain and
sort of "quoteness" (if you'll permit) in the HTML context they get
rendered in.

I'm not about to say anything regarding which quoting should be
policy; in fact I'll argue strenuously against any such policy.

> Thanks! I really appreciate the discussion.

My pleasure!