Like almost all apps today, I have users who enter various information through standard

Question

0

Asked: May 12, 20262026-05-12T17:25:00+00:00 2026-05-12T17:25:00+00:00

Like almost all apps today, I have users who enter various information through standard

0

Like almost all apps today, I have users who enter various information through standard text inputs. My app is running on Rails.

It’s a no-brainer to escape ampersands that I include as part of the site copy, etc. But how do I escape an ampersand that is dynamically input by a user? Currently, it’s breaking my frontend validation.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-12T17:25:00+00:00

When you display the values you need to replace certain characters with HTML entities. Those characters are:

& : &amp;
< : &lt;
> : &gt;
" : &quot;

Perhaps there is a HtmlEncode function that you can use for that, otherwise you can use plain string operations. Pseudo code:

output replace(replace(replace(replace(text, "&", "&amp"), "<", "&lt;"), ">", "&gt;", """", "&quot;")

Edit:
I found that you can use the html_escape() function:

<%=html_escape @text%>

Or short:

<%=h @text%>

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Like almost all apps today, I have users who enter various information through standard

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply