Encode HTML entities in helpers and views in Ruby on Rails

Valid XHTML is good, manually encoding your HTML entities is bad! Why the encoding is not built into the framework, I don’t know, but a simple plugin makes it easy to accomplish such a task. Install this plugin and you will be blessed with encode_entities and decode_entities.

No big deal? Well…pay particular attention to your meta description and title tags. I personally think it is good practice to encode these fields just like you’d html_escape all user controllable strings.

Installation from command line:
script/plugin install http://svn.bountysource.com/leftbee-plugins/html_helpers
or via git (will only work in edge rails, 2.02)
script/plugin install git://github.com/tma/html_helpers.git

How to use it!

# this will encode a UTF-8 string with HTML entities
# returns "Check out my resumé"
<%= encode_entities("Check out my resumé") %>


# decode an encoded string
# returns "Check out my resumé"
<%= decode_entities("Check out my resum&Atilde;&copy;") %>
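
The two jobs this post touches on are separate: html_escape neutralises markup-significant characters in user-controllable strings, while entity encoding makes non-ASCII text independent of the page's charset. The sketch below is an added example, not the html_helpers plugin's code; the helper names `escape_and_encode` and `misread_as_latin1` are hypothetical, and it emits numeric character references rather than named entities.

```ruby
require "erb"

# Hypothetical helper (an assumption for illustration, not the plugin's code).
# 1. ERB::Util.html_escape neutralises the markup-significant characters.
# 2. Every remaining non-ASCII character becomes a numeric character
#    reference, so the output is plain ASCII whatever charset the page declares.
def escape_and_encode(value)
  escaped = ERB::Util.html_escape(value.to_s)
  escaped.gsub(/[^[:ascii:]]/) { |ch| format("&#%d;", ch.ord) }
end

# What a client shows when UTF-8 bytes are read as ISO-8859-1: each byte of
# a multi-byte character turns into its own character. For "é" (bytes C3 A9)
# that is "Ã©", the &Atilde;&copy; pair seen in the decode example above.
def misread_as_latin1(value)
  value.dup.force_encoding("ISO-8859-1").encode("UTF-8")
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a user-controlled string destined for <title>.
  title = %(R&D "résumé" <b>tips</b>)

  puts ERB::Util.html_escape(title)  # markup escaped, é still raw UTF-8 bytes
  puts escape_and_encode(title)      # markup escaped, é emitted as &#233;
  puts misread_as_latin1("resumé")   # charset mismatch without encoding

  # Caveat: the helper is not idempotent. Text that already contains an
  # entity gets its ampersand escaped again, so call it exactly once.
  puts escape_and_encode("resum&eacute;")
end
```

Escape first and encode second: the references produced in step 2 contain `&`, so reversing the order would mangle them.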

8 comments

  1. I got the permission to push the plugin on github, so you can use it as git submodule, if you like.

    http://github.com/tma/html_helpers

  3. Thanks for the update, I’ll adjust the post accordingly!

  5. Why don’t you just use ERB’s built-in functionality?
    “html_escape” or simply “h”

    http://www.ruby-doc.org/stdlib/libdoc/erb/rdoc/classes/ERB/Util.html#M000658

  7. Joris,

    ERB’s html_escape only handles &, ", <, >.

    Here’s the source from the link you provide:

    # File erb.rb, line 806
    def html_escape(s)
      s.to_s.gsub(/&/, "&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
    end
