Escaping characters in controller

How can I escape characters in controller?
I mean replacing ‘"’ to ‘&quot’, ‘&’ to ‘&’ and so on?

On 11/22/06, Domas S. [email protected] wrote:

How can I escape characters in controller?
I mean replacing ‘"’ to ‘&quot’, ‘&’ to ‘&’ and so on?

The way I used to do it was include the helper module that defined
‘html_escape’, or the alias method ‘h’, then they became available.

What’s strange here is html_escape is nowhere to be found on
http://api.rubyonrails.com/

Am I missing something, or is it too early, or both?!

Chris M.
Web D.
Open Source & Web Standards Advocate

On Nov 22, 2006, at 2:15 PM, Domas S. wrote:

How can I escape characters in controller?
I mean replacing ‘"’ to ‘&quot’, ‘&’ to ‘&’ and so on?

Just in case, it is a bit suspicious to escape data in the
controller, normally is the view who knows whether it needs to apply
anything to the raw data to have it displayed correctly. If the view
is rhtml that is a call to h().

Why do you need that?

– fxn

I have a class that generates flash object html declaration. The class
instance is created in controller and passed to view where it ouputs
html code using to_html method. So I though about initializing my
class using already escaped data. Of course I could do escaping in the
class itself, but I wanted to know if there’s a standard way to do it.

To Chris:
html_escape is in file erb.rb, thanks for hint.

On 11/22/06, Domas S. [email protected] wrote:

To Chris:
html_escape is in file erb.rb, thanks for hint.

Nice.
I still could’ve sworn that these methods used to be listed in the
method list in the docs.

Can anyone shed some light on why they’re not anymore?
Or tell me I’m crazy, and they were never there in the first place.

Chris M.
Web D.
Open Source & Web Standards Advocate

On Nov 22, 2006, at 5:11 PM, Domas S. wrote:

I have a class that generates flash object html declaration. The class
instance is created in controller and passed to view where it ouputs
html code using to_html method. So I though about initializing my
class using already escaped data. Of course I could do escaping in the
class itself, but I wanted to know if there’s a standard way to do it.

You can have them available anywhere mixin the module from Action
View where the helper you need is defined.

Having said that, with the given information I’d say that generator
would receive normal strings, and encode them as needed for #to_html.
To do that the class would mixin ERB::Util, which is the module that
provides html_escape in RHTML templates.

– fxn