Question
I would like to have the title Ruby on Rails Tutorial Sample App | Foo's in my new.html.erb page. My layout is :
https://stackoverflow.com/questions/21735552
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<!DOCTYPE html>
<html>
<head>
<title><%= full_title(yield(:title)) %></title>
<%= stylesheet_link_tag "application", media: "all",
"data-turbolinks-track" => true %>
<%= javascript_include_tag "application", "data-turbolinks-track" => true %>
<%= csrf_meta_tags %>
</head>
<body>
<%= render 'layouts/header' %>
<div class="container">
<%= yield %>
</div>
</body>
my new.html.erb :
<% provide(:title, "Foo's") %>
<h1>Sign up</h1>
<p>Find me in app/views/users/new.html.erb</p>
But my title is wrong :
How can I do it ?
--
Full_title
module ApplicationHelper
# Returns the full title on a per-page basis.
def full_title(page_title)
base_title = "Ruby on Rails Tutorial Sample App"
if page_title.empty?
base_title
else
"#{base_title} | #{page_title}"
end
end
end
Solution 2
I have found :
just add .html_safe in my full_title function
module ApplicationHelper
# Returns the full title on a per-page basis.
def full_title(page_title)
base_title = "Ruby on Rails Tutorial Sample App"
if page_title.empty?
base_title
else
"#{base_title} | #{page_title}".html_safe
end
end
end
OTHER TIPS
I ran into this exact same thing and discovered a safer solution than using html_safe.
First, the method:
def full_title(page_title)
base_title = "".html_safe
base_title << "Ruby on Rails Tutorial Sample App"
if page_title.present?
base_title << " | "
base_title << page_title
end
base_title
end
This escapes page_title if it is unsafe, but leaves it unescaped if it is safe.
This allows "Foo's" to display properly, but also escapes "<script>alert('foo')</script>" -- for instance, if some malicious user manages to enter custom text into a field that is displayed in a title tag, or if you ever accidentally use risky text yourself.
The explanation boils down to this -- 'foo'.html_safe returns an ActiveSupport::SafeBuffer which acts like a String in every way except one: When you append a String to a SafeBuffer (by calling + or <<), that other String is HTML-escaped before it is appended to the SafeBuffer. When you append another SafeBuffer to a SafeBuffer, no escaping will occur. Rails is rendering all of your views under the hood using SafeBuffers, so the updated method above ends up providing Rails with a SafeBuffer that we've controlled to perform escaping on the page_title "as-needed" rather than "always".
Now, the credit for this answer goes entirely to Henning Koch, and is explained in far more detail at Everything you know about html_safe is wrong -- my recap above attempts only to provide the essence of the explanation in the event that this link ever dies.
You're using a custom helper : full_title, that displays a base name followed by a | character then what you provide.
If you want only your title, you should do :
<title><%= yield(:title) %></title>
