Rails 3 escaping Maruku
Question
I am using Maruku with my RoR3 app.
But the problem is that when I use the h(text) method to escape the text from the database before I use Maruku, it escapes > to &gt; so Maruku won't see this as a blockquote.
But I still want to escape the rest of the text, so my question is: how can I make this work?
I don't want to disable the escaping, but I don't want it to escape >.
Solution
The following method takes html_encoded multiline strings and replaces all maruku blockquote elements that have been converted to html entity codes back to >
For the purpose of this implementation a maruku blockquote line is defined as a line beginning with one or more > sequences separated with optional whitespace.
def maruku_escape(text)
  # Turn leading "&gt;" runs (blockquote markers) back into ">"; the rest stays escaped.
  text.gsub(/^([\s]*&gt;)+/) {|match| match.gsub(/&gt;/, '>')}
end
The following test string was used
test_text = "<b>A bold tag</b>
<span>Some text in a span</span>
Some Markdown
> Blockquote 1
> > nested blockquote 1
> > nested blockquote 2
>> nested blockquote 3 with no spaces
Some plain text with an invalid blockquote > Some blockquote text
<i>The end in italics<i>"
And using this as follows
maruku_text = maruku_escape(ERB::Util.html_escape(test_text))
Gave the following results
result = "&lt;b&gt;A bold tag&lt;/b&gt;
&lt;span&gt;Some text in a span&lt;/span&gt;
Some Markdown
> Blockquote 1
> > nested blockquote 1
> > nested blockquote 2
>> nested blockquote 3 with no spaces
Some plain text with an invalid blockquote &gt; Some blockquote text
&lt;i&gt;The end in italics&lt;i&gt;
"
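The escape-then-restore approach from the answer above, as an added example that is not part of the original answer: it runs the same transformation over a constructed sample and checks the invariant the approach relies on, namely that no raw < survives and a raw > appears only in a leading blockquote marker run. The names only_blockquote_markers_unescaped?, SAMPLE and escaped_sample are hypothetical and introduced here for illustration.

```ruby
require 'erb'

# Same idea as the answer: escape everything first, then turn the leading
# "&gt;" runs (optionally separated by whitespace) back into ">".
def maruku_escape(text)
  text.gsub(/^(\s*&gt;)+/) { |match| match.gsub('&gt;', '>') }
end

# Hypothetical helper (not from the answer): verifies that the text handed to
# Maruku contains no raw "<", and that a raw ">" only occurs in the leading
# blockquote marker run of a line.
def only_blockquote_markers_unescaped?(text)
  return false if text.include?('<')

  text.each_line.all? do |line|
    rest = line.sub(/\A(\s*>)+/, '')
    !rest.include?('>')
  end
end

# Constructed sample input: a tag that must stay escaped, valid blockquote
# lines, a ">" in the middle of a line, and a "&gt;" typed by the user.
SAMPLE = <<~TEXT
  <script>alert(1)</script>
  > quoted line
  > > nested quote
  >> nested, no spaces
  plain text with a > in the middle
  &gt; typed as an entity by the user
TEXT

def escaped_sample
  maruku_escape(ERB::Util.html_escape(SAMPLE))
end

if __FILE__ == $PROGRAM_NAME
  puts escaped_sample
  puts "invariant holds: #{only_blockquote_markers_unescaped?(escaped_sample)}"
end
```

A line the user typed as &gt; is escaped to &amp;gt; before the restore step, so it is not turned into a blockquote marker.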
Other tips
Rails 3 escapes all strings by default. You need to mark them as safe by using "some_string.html_safe" or use <%= raw some_string %> in the template if you want to avoid this.
If you set up the sanitize helper to allow the HTML tags you want to pass through, you could do something like this:
<%= sanitize(@maruku_content.to_html) %>
Sanitize will scrub your content and mark the output as html_safe while leaving the desired tags intact. This option is discussed in the rails_xss plugin docs here. The example they use is for textile.