I have input that may either be a string or be a string of html. I have figured out how to recognize whether or not the string is html, but I don’t know how to have the browser interpret the string as html instead.
For example, instead of having <a href='www.google.com'> Click here!! </a> on the page, I would instead like to have the actual link render like: Click Here
View code where I am trying to do this:
<div class="description">
<%= p.description %>
</div>
You need to mark the string as ‘html safe’ in one of two ways:
… or by explicitly marking the string as html_safe:
However: Please bear in mind that if this input comes from untrusted users (i.e. anyone other than you!), then this could be a risky strategy, as it will allow cross-site scripting attacks. Make sure you read the Rails security guide for more information on this risk and how to effectively mitigate it.
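Added example, not part of the original answer and not Rails' own code: a plain-Ruby sketch of the three ways the description can reach the page, namely escaped (the default for `<%= %>` in a Rails view), raw (the effect of marking it html safe), and escaped with only plain links restored. The function names, the `ESCAPED_LINK` pattern and both sample strings are assumptions constructed for this illustration.

```ruby
require "erb"

# Constructed sample inputs: the link from the question, and a hostile description.
BENIGN  = "<a href='www.google.com'> Click here!! </a>"
HOSTILE = "<a href='javascript:alert(1)'>x</a><script>alert(1)</script>"

# Matches an *already escaped* anchor whose href is scheme-less or http(s) and
# is built only from letters, digits and . _ / - (so no colon, quote or ampersand).
ESCAPED_LINK = %r{&lt;a href=(?:&#39;|&quot;)((?:https?://)?[A-Za-z0-9._/-]+)(?:&#39;|&quot;)&gt;(.*?)&lt;/a&gt;}m

# Stand-in for the default view behaviour: every metacharacter is escaped.
def render_escaped(description)
  ERB::Util.html_escape(description)
end

# Stand-in for html_safe / raw: the string reaches the browser untouched,
# so whatever markup or script the user typed is interpreted.
def render_raw(description)
  description
end

# Escape everything first, then rebuild only the anchors that match the strict
# pattern. Anything that does not match stays as inert, escaped text.
def render_links_only(description)
  escaped = ERB::Util.html_escape(description)
  escaped.gsub(ESCAPED_LINK) { %(<a href="#{$1}">#{$2}</a>) }
end

if __FILE__ == $0
  [BENIGN, HOSTILE].each do |input|
    puts "input:      #{input}"
    puts "escaped:    #{render_escaped(input)}"
    puts "raw:        #{render_raw(input)}"
    puts "links only: #{render_links_only(input)}"
    puts
  end
end
```

In a Rails view the built-in `sanitize` helper, called with `tags:` and `attributes:` allow-lists, fills the role of `render_links_only`.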