I am using rails 3. When implementing CMS, the body was supposed to displays the following:
<h1>Welcome to our home page</h1>.
but display the text with its tags.
In my views/viewer/show.html, I placed the following code: <%= #page.body %>.
What can I do so solve this?
Rails does this to protect you from XSS attacks. To prevent the tags from showing literally, you can use html_safe:
<%= #page.body.html_safe %>
Only use html_safe if you understand the consequences! You maybe opening up your application to XSS attacks if you don't.
It's confusing what you are trying to achieve.
If all you want to show is a line in that page, then:
In your app/controllers/viewer_controller do:
#message = "Welcome to our home page"
In you view app/views/viewer/show.html do:
</html>
<body>
<%= #message%>
</body>
</html>
Related
I'm trying to use the erb template on my angular templates folder, but the functionality is limited, for example,
The <% link_to
is working
but devise methods or even raw('sdmdslkc') pops an error that the method is not found.
for example
<%= link_to('Logout', destroy_user_session_path, :method => :delete) %>
work on views but not in angular templates (says destroy_user_session_path method not found)
Whats missing ? is it fixable?
let me see if i understand, u have some template with some tags that belongs to another language that is not angular, html, or js. if so then it is not fixable because angular sends an ajax to bring that html file and injects it to your page, alot after any server has rendered any part of the page.
my suggestion for a work around is to try and tell angular to take a server page, say it was with asp.net and i would like some server tags i would tell angular that the template is somepage.aspx while making sure that my page evetually returns plain html.
I am new to Ruby on Rails and am trying to use the gmaps4rails gem. The longitude and latitude show up automatically but the map is not appearing. If I look at the page source info it seems like the map is being called and created so I'm not sure why it's not showing up.
This can be seen here:
<script src="//maps.google.com/maps/api/js?v=3.8&sensor=false&client=& amp;key=& amp;libraries=geometry&language=&hl=®ion=" type="text/javascript"></script>
<script src="//google-maps-utility-library-v3.googlecode.com/svn/tags/markerclustererplus/2.0.14/src/markerclusterer_packed.js" type="text/javascript"></script>
<script type="text/javascript">
Gmaps.map = new Gmaps4RailsGoogle();
Gmaps.load_map = function() {
Gmaps.map.map_options.auto_adjust = true;
Gmaps.map.initialize();
Gmaps.map.markers = [{"lat":40.8217303,"lng":-73.9551369}, {"lat":41.4925374,"lng":-99.9018131},{"lat":50.3429668,"lng":18.5540869}];
Gmaps.map.markers_conf.do_clustering = true;
Gmaps.map.create_markers();
Gmaps.map.adjustMapToBounds();
Gmaps.map.callback();
};
Do I need to include some other files in my document to show the map? And where would those documents be? I am using Ruby 1.9.3 and Rails 3.2.12.
I see this type of question has been asked and answered many times, but I haven't been able to get a solution from those answers. Thanks for any help.
UPDATE:
Here is my view:
<br />
<%= link_to 'New Bathroom', new_bathroom_path %>
<%= gmaps4rails(#json) %>
Model:
acts_as_gmappable
def gmaps4rails_address
address
Controller:
def index
#bathrooms = Bathroom.all
#json = Bathroom.all.to_gmaps4rails
respond_to do |format|
format.html # index.html.erb
format.json { render :json => #bathrooms }
end
end
and application.html
<%= yield %>
<%= yield :scripts %>
<%= stylesheet_link_tag 'gmaps4rails' %>
</body>
</html>
One thing I'm wondering is if I need to copy some assets to the app. It says on the github site.
"""""""""""""""""""""""""""""""""""""""""
gmaps4rails.css will be copied to your app after you run the Rails generator. Be sure to require this file in your view for your first steps.
For Rails 3.0.x or without assets pipeline:
<%= stylesheet_link_tag 'gmaps4rails' %>
"""""""""""""""""""""""""""""""""""""""""""
Since I don't see the gmaps4rails.css file I wonder if that's the problem. Thanks for helping.
Post Debugger Details:
Yeah that's true. I have almost no experience with this stuff. I got Firebug as you recommended and discovered that when I glide over the page the google scripts in the debugger never get highlighted. I see that it did try to make a call to googleapis.com But the time for the different actions are zero, except for blocking and waiting. This makes me think nothing was sent from the google server. Under Get gmaps4rails.css it looks in my app/asset folder and has a 404 error. I'm learning how to understand all this info, and if I'm correct it seems like the server request to google was blocked for some reason and it thinks my css file is in the asset folder. If I am correct I really have no idea where to go from here. Please tell me what info would help make this problem clearer.
You need to run 'rails generate gmaps4rails:install'. That will supply the missing bits (and the css will be sourced automatically in rails 3.2).
After that, you should be good to go (based on the original question, and barring any subsequent changes).
I'm migrating my app to Rails 3.2.8 from 2.3.5. One form uses reCAPTCHA (in an erb file). Right now, all the HTML tags that the recaptcha_tags puts out are in escaped HTML. (i.e. <...> instead of <...>). So I see the tags themselves in the HTML page, instead of the reCAPTCHA box.
Here's what my erb looks like. I've verified that it doesn't matter where in the erb I put the recaptcha tags (inside the form_for or outside):
register.html.erb
...
<%= recaptcha_tags :public_key => RECAPTCHA_PUBLIC_KEY %>
...
Other things, like form_for don't have this problem. They output straight HTML.
Gemfile
gem "recaptcha", :require => 'recaptcha/rails'
Thanks in advance!
Turns out I needed to prefix the recaptcha_tags call with "raw":
register.html.erb
...
<%= raw recaptcha_tags :public_key => RECAPTCHA_PUBLIC_KEY %>
...
One of the major changes between Rails 2.3.5 and 3.X was some changes having to do with cross site scripting. You may want to start your upgrade by upgrading to 2.3.14 and adding the rails_xss gem. The rails_xss gem (https://github.com/rails/rails_xss) will switch the HTML safety default to escape, so it will cause the issue you're seeing with recaptcha_tags. This will allow you to see what strings in your app need to be marked as html_safe.
Or, if recaptcha_tags is the only issue, you may be able to fix it by telling rails not to escape the recaptcha_tags.
Something like:
<%= raw recaptcha_tags :public_key => "_________" %>
Thanks for doing the research. :)
I've added a custom engine into my refinery app with an image field. It all links up great and in the admin areas I can add images to it, etc.
I have a question about adding said images to a view however. At the moment I have the following code in a view:
<img src="<%= project.picture.url %>" alt="Image description" />
This displays my image nicely (although its probably not the best method - tips welcome) but I wanted to know how to access the thumbnail of that image. I noticed in others areas of refinery you can call a thumbnail method on an image object.
<%= image_fu image, ::Image.user_image_sizes[thumbnail.to_sym],
:class => "brown_border",
:class => "current_picked_image" %>
Please could someone run me through the steps of how to achieve this. The code snippet above comes out of the image_picker page code. Being quite new to rails I'm not sure how I would achieve this in my own page.
Thanks in advance for your help!
With image_fu:
<%=link_to (image_fu project.picture, '160x104'), project.picture.url %>
Hey,
I'm pretty new to rails and for learning effect, I try to implement my own authorization system.
Right now I'm having a Page Controller to control some static pages and nothing more, and a Session Controller where I plan to implement most of the authorization process.
My problem is, I have no clue how to get my partial to use the sessions-controller, when I add it to one of the static pages controlled by the pages controller.
It stated out with this http://ruby.railstutorial.org/chapters/sign-in-sign-out#top but i don't want it on an extra page.
so I tried setting the routes and I got an exception "no path found for '/'" as soon as I deleted "resources :sessions" it worked fine again.
my partial looks like this:
<%= form_for(User.new) do |f| %>
<%= f.submit "Login" %>
<% end %>
there's also a div class="action" block around the submit but can't find out how to escape it
this is included into my home via
<%= render 'sessions/new' %>
Thanks for your help
edit my solution:
I added to routes.rb:
resources :sessions
Furthermore I changed form_for(#user) to
<%= form_for(:session, url => sessions_path)
so this works.
I Highly recommed that you look at the railscast http://railscasts.com/episodes/250-authentication-from-scratch , it will give you an idea how to create authentication without forgetting some important steps.
Then you can use the gem devise which is an excellent authentication gem.
Have you tried putting your functions and everything for authentication within a Session Helpers file? Then, in your Application Controller if you add "include SessionsHelper" this should give you access to all the helper functions from Session that you should need