I am using Ruby on Rails 3.0.7 and I would like to populate the href attribute value of an HTML a tag in a view file.
<a href="<populating_value>">Test name</a>
I plan to retrieve that value (the "<populating_value>") from an input form text field.
What is the safest process (steps from validation to outputting in the view file) to do that? Where can I find deep information about this matter? What do you advise (for example: is it safe to populate the href attribute value without a previous security check on the string entered by a user?)?
Note: the value can be a URL or an e-mail address.
What's wrong with using link_to and escaping the string? If you are unsure of the string's safety, call something like

link_to "Test name", h(link)

See http://api.rubyonrails.org/classes/ActionView/Helpers/UrlHelper.html#method-i-link_to for more information. This string should be escaped even without the call to h. Try reading this blog post on the XSS protection in Rails.
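The question asks for the full chain from validation to output, so here is an added example (not part of the answer above and not Rails code) that covers both halves in plain Ruby with only the standard library: HTML escaping handles the attribute context, and a separate scheme allow-list handles the URL context, because an escaped `javascript:` URL is still a `javascript:` URL. The helper names `safe_href` and `link_html`, the allow-list and the e-mail pattern are assumptions of this example; in a real view you would keep the escaping done by `link_to` and only add the validation step.

```ruby
require 'uri'
require 'erb'

# Schemes a user-supplied href may use (assumption of this example).
# "javascript:", "data:" and "vbscript:" are deliberately absent.
ALLOWED_SCHEMES = %w[http https mailto].freeze

# Loose e-mail shape, enough to decide that a bare address should become a
# mailto: link. The local part excludes ':' and '/' so that anything carrying
# a scheme ("mailto:bob@example.com", "javascript:x@y.z") is parsed as a URL
# instead of being treated as a bare address.
EMAIL_PATTERN = /\A[^@\s:\/]+@[^@\s\/]+\.[^@\s\/]+\z/

# Validation step: returns a normalized href for acceptable input, or nil
# when the value must be rejected. Nil is the signal to render plain text
# (or a form error) instead of a link.
def safe_href(raw)
  value = raw.to_s.strip
  return nil if value.empty?

  # A bare e-mail address is turned into a mailto: link.
  return "mailto:#{value}" if value.match?(EMAIL_PATTERN)

  uri = URI.parse(value)
  scheme = uri.scheme&.downcase
  # Case-insensitive allow-list check rejects "JaVaScRiPt:" as well.
  return nil unless ALLOWED_SCHEMES.include?(scheme)

  if scheme == 'mailto'
    # The opaque part must start with a plausible address; header fields
    # after '?' (subject=...) are allowed to stay.
    addr = uri.opaque.to_s.split('?').first
    return nil unless addr.to_s.match?(EMAIL_PATTERN)
  else
    # A web URL without a host ("http:", "http://") is not a usable link.
    return nil if uri.host.to_s.empty?
  end

  uri.to_s
rescue URI::Error
  # Anything the URI parser refuses (control characters, stray quotes, a
  # malformed mailto) is rejected rather than passed through.
  nil
end

# Output step: the href and the link text are both HTML-escaped for the
# attribute and element contexts. Rejected input degrades to escaped text.
def link_html(text, raw_href)
  href = safe_href(raw_href)
  return ERB::Util.html_escape(text) if href.nil?

  %(<a href="#{ERB::Util.html_escape(href)}">#{ERB::Util.html_escape(text)}</a>)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, one per case the validator has to handle.
  ['https://example.com/path?q=1', 'bob@example.com', 'javascript:alert(1)',
   'JaVaScRiPt:alert(1)', 'data:text/html,hi', '//example.com', 'http://'].each do |input|
    puts "#{input.inspect} => #{link_html('Test name', input)}"
  end
end
```

Values without a scheme that are not e-mail addresses (for example `example.com`) are rejected rather than guessed as `http://`; if the form is meant to accept those, prepend the scheme before calling the validator so the allow-list still sees an explicit scheme. Run the validation once at form submission time and store only the normalized value, so the view never sees the raw user string.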