Home/ Questions/Q 9083615
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T20:48:58+00:00

html_safe and still escaped html I have the following reply helper: def mb_reply_login post

  • 0

html_safe and still escaped html

I have the following reply helper:

def mb_reply_login post
  if current_user
    "<button data-depth='" + post.depth.to_s + "' data-post-id='" + post.id.to_s + "'  class='mb_btn mb_reply btn'>reply</button>".html_safe
  else
    ...
  end

and call it from within views like so: 

<%=mb_reply_login post %>

However, it’s return escaped html and am confused as to why? It seems like it shouldn’t according to Don't escape html in ruby on rails and the rails api.

How would I return unenscaped html? I tried 

"<button data-depth='" + post.depth.to_s.html_safe + "' data-post-id='" + post.id.to_s.html_safe + "'  class='mb_btn mb_reply btn'>reply</button>".html_safe

but no dice

thx in advance

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    When you concatenate strings in Ruby on Rails, every single String that hasn’t been marked as html_safe is first escaped before concatentating.

    Using your second snippet, make sure to call .html_safe on every string (including the constants such as: 

    "<button data-depth='"

    Better yet, you can use interpolation, such as:

    "<button data-depth='#{post.depth.to_s.html_safe}' 
 data-post-id='#{post.id.to_s.html_safe}' 
 class='mb_btn mb_reply btn'>reply</button>".html_safe
    • 0