In a view, string is escaped by default. mystring = A&B: some string here

Question

0

Asked: June 1, 20262026-06-01T20:58:19+00:00 2026-06-01T20:58:19+00:00

In a view, string is escaped by default. mystring = A&B: some string here

0

In a view, string is escaped by default.

mystring = "A&B: <b>some string here</b>" 
<%=mystring%>

mystring is rendered as:

A&amp;B: &lt;b&gt;some string here&lt;/b&gt;

However, I need to have  tag rendered and ampersand escaped.

A&amp;B: <b>some string here</b>

html_safe unescapes both ampersand and  tag. Is there a way to escape special characters like ampersand but not html tags?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-01T20:58:21+00:00

You can unescape specific elements using the Ruby’s CGI::unescapeElement method. In your case, you would want to use the following:

mystring = CGI::escape_html("A&B: <b>some string here</b>")

# You can replace ["B"] with an array of tags to be escaped, i.e. ["B", "A", "IMG"]
mystring = CGI::unescapeElement(mystring, ["B"]) 

<%= mystring.html_safe %>

See http://www.ruby-doc.org/stdlib-1.9.3/libdoc/cgi/rdoc/CGI.html for more escaping methods.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

In a view, string is escaped by default. mystring = A&B: <b>some string here</b>

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply