I would expect that the following:
我期望下列各点:
<div style="padding-top:90px;"><%= u.one_line %></div>
simply pulls whatever is in u.one_line (which in my case is text from database), and puts it in the html file. The problem I'm having is that sometimes, u.one_line has text with formatted html in it (just line breaks). For example sometimes:
只要把u里的东西拉出来。one_line(在我的例子中是来自数据库的文本),并将其放入html文件中。我的问题是有时候,你。one_line中有带格式html的文本(只有换行符)。例如有时:
u.one_line is "This is < / b r > awesome"
and I would like the page to process the fact that there's a line break in there... I had to put it with spaces up ^^^ here because the browser would not display it otherwise on *. But on my server it's typed correctly, unfortunately instead of the browser processing the line break, it prints out the "< / b r>" part...
我希望这一页能够处理这样一个事实:那里有一个断线……我必须把它与空间^ ^ ^因为浏览器不会显示它否则*。但在我的服务器上,它输入正确,不幸的是,不是浏览器处理断行,而是打印出“< / br >”部分……
I hope you guys understand what I mean :(?
我希望你们能理解我的意思。
1 个解决方案
#1
5
always remember to use raw or html_safe for html output in rails because rails by default auto-escapes html content for protecting against XSS attacks.
始终记住在rails中为html输出使用raw或html_safe,因为rails默认会自动转义html内容,以防止XSS攻击。
for more see When to use raw() and when to use .html_safe
有关更多信息,请参见何时使用raw()和何时使用.html_safe
#1
5
always remember to use raw or html_safe for html output in rails because rails by default auto-escapes html content for protecting against XSS attacks.
始终记住在rails中为html输出使用raw或html_safe,因为rails默认会自动转义html内容,以防止XSS攻击。
for more see When to use raw() and when to use .html_safe
有关更多信息,请参见何时使用raw()和何时使用.html_safe