
" »" being escaped in _nav partial #325

Closed
jerefrer opened this Issue Apr 4, 2013 · 2 comments

2 participants

@jerefrer
jerefrer commented Apr 4, 2013

When rendering out the nav partial it seems that " &#187;" renders to " &amp;#187;" (escaped) but "&#171;" does not ...

I admit that I don't have a clue why this is happening. Even more confusing:

>> ("&#171;" + h(truncate(@post.next.title))).html_safe
=> "&#171;Some Title"
>> ("&#171;" + h(truncate(@post.next.title)) + " &#187;").html_safe
=> "&#171;Some Title &#187;"
>> (h(truncate(@post.next.title)) + " &#187;").html_safe
=> "Some Title &amp;#187;" # <=== See that "amp;" here ?

It seems to only happen when concatenating the string after the truncated title without concatenating anything before ...

Any idea?

(I'm running ruby 1.9.3p327 & Rails 3.2.12)

@ugisozols
Refinery member

This is an interesting issue :)

h() returns a "safe" string, so if you concat an unsafe string to it, like " &#187;", it automatically gets escaped, and therefore html_safe gets called on "Some Title &amp;#187;".

On the other hand, if your base string is unsafe, then concatenation with another string (safe or not) will always result in an unsafe (unchanged) string, so this time we call html_safe on "&#171; Some Title".

http://guides.rubyonrails.org/active_support_core_extensions.html#output-safety
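The concatenation rule explained above, as an added example that is not Refinery's code and not ActiveSupport's implementation: `MiniSafeBuffer`, `mark_safe` and `nav_cases` are hypothetical names for a stdlib-only model of `SafeBuffer#+` and `html_safe`, and the titles are constructed. It reproduces the three console results and shows that marking only the entity literal as safe before appending it leaves the title escaped.

```ruby
require "erb"

# Simplified stand-in for ActiveSupport::SafeBuffer (assumption: only `+` is
# modelled, which is all the console session in this issue exercises).
class MiniSafeBuffer < String
  # Appending to a safe buffer escapes the operand unless it is already safe.
  def +(other)
    piece = other.is_a?(MiniSafeBuffer) ? other : ERB::Util.html_escape(other)
    MiniSafeBuffer.new(super(piece))
  end
end

# Models h(): escape, then hand back a string flagged as safe.
def h(str)
  return str if str.is_a?(MiniSafeBuffer)
  MiniSafeBuffer.new(ERB::Util.html_escape(str))
end

# Models String#html_safe: flags the string as trusted WITHOUT escaping it.
def mark_safe(str)
  MiniSafeBuffer.new(str)
end

# The three expressions from the issue, plus the ordering the fix commit
# describes (html_safe on the literal before it meets the safe string).
def nav_cases(title)
  {
    # Plain String#+ : unsafe base, nothing is escaped, result is unchanged.
    prefix_only:  mark_safe("&#171;" + h(title)),
    both:         mark_safe("&#171;" + h(title) + " &#187;"),
    # Safe base: the unsafe suffix is escaped on append, "&" becomes "&amp;".
    suffix_only:  mark_safe(h(title) + " &#187;"),
    # Only the trusted literal is marked safe; the title is still escaped.
    suffix_fixed: h(title) + mark_safe(" &#187;"),
  }
end

if __FILE__ == $PROGRAM_NAME
  nav_cases("Some Title").each { |name, out| puts "#{name}: #{out}" }
  # Constructed title containing markup: it must stay escaped after the fix.
  puts nav_cases("<b>x</b>")[:suffix_fixed]
end
```
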

@ugisozols ugisozols added a commit that referenced this issue Jun 21, 2013
@ugisozols ugisozols Need to call html_safe on unsafe string before concatenating it to safe string.

Read explanation at
#325 (comment)
07945.

Closes #325.

Conflicts:
	app/views/refinery/blog/posts/_nav.html.erb
e0f75af
@ugisozols ugisozols added a commit that closed this issue Jun 21, 2013
@ugisozols ugisozols Need to call html_safe on unsafe string before concatenating it to safe string.

Read explanation at
#325 (comment)
07945.

Closes #325.
a8af874
@ugisozols ugisozols closed this in a8af874 Jun 21, 2013
@jerefrer

Thanks for fixing and explaining the issue :)
Cheers!
