Rails 3 widget helper partial
-
03-10-2019 - |
Question
I ran into a big problem in moving my application to Rails 3. I have a view helper which i call 'WidgetHelper'. It helps to render some partials automatically when i refer to it. For example
<%= widget('loginbox', :global => true) %>
But it not works correctly. It renders HTML code as I want, but escapes the return value, what is not expected. How can I tell to render (or to something) to not escape the return value for me?
Here is my code:
def widget(widget, options={})
begin
unless options[:fullpath]
render :partial => widget_path(widget, options[:global])
else
render "widgets/#{widget}"
end
rescue ActionView::MissingTemplate
"<!-- widget: #{widget.inspect}, #{options.inspect} -->"
end
end
Solution
def widget(widget, options={})
begin
unless options[:fullpath]
raw render(:partial => widget_path(widget, options[:global]))
else
raw render("widgets/#{widget}"))
end
rescue ActionView::MissingTemplate
raw "<!-- widget: #{widget.inspect}, #{options.inspect} -->"
end
end
The raw
method of Rails 3 does the reverse of h
method in Rails 2. Escaping a string was done with the h
method on Rails 2. On Rails 3, strings output from a view are escaped by default, and the escaping can be disabled by the raw
method.
OTHER TIPS
Rails 3 changed the way that content filtering works - it by default assumes you want everything filtered.
You can correct this using html_safe
:
"<!-- widget: #{widget.inspect}, #{options.inspect} -->".html_safe
See: http://asciicasts.com/episodes/204-xss-protection-in-rails-3