Turns out it was because I was using simple_format(). When I removed that and simply called <%= @lesson.lesson_content %>, it rendered perfectly.
Rails DON'T sanitize
29-08-2022
Question
I am making a web app that integrates the Ace online IDE. A user enters an input through the Ace IDE, which is then stored in a database. But when that is then rendered from the database, Rails has done some sort of sanitization and the HTML tags are not loaded.
How do I explicitly tell Rails to leave all HTML tags in the text and not format it (including tabs and spaces)?
EDIT:
This is what the user inputs:
And this is what it outputs:
Solution 3
Other tips
Try the raw method. This method outputs a string without escaping it.
You have to append .html_safe to any string you're returning to the view. By default Rails doesn't trust anything the user might have created.
So
<%= @my_source_code_from_the_db %>
Becomes
<%= @my_source_code_from_the_db.html_safe %>
As @Sam_D mentioned, another option is to wrap your string in a call to raw:
<%= raw(@my_source_code_from_the_db) %>
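As an added example (not from the question or any of the answers), a stdlib-only Ruby emulation of the behaviour described above: it shows why marking stored user input html_safe re-enables markup that default escaping would have neutralised, and how escaping inside a <pre> keeps the tabs and spaces the question asks about without trusting the input. The names TrustedHtml, html_safe, render_erb_value and render_code_block are assumptions that mirror Rails' html_safe/raw, not Rails' own classes, and the stored input is constructed.

```ruby
# Added example, not from the original page. Stdlib-only emulation of the
# Rails behaviour the answer describes; the class and method names below are
# assumptions that mirror ActiveSupport::SafeBuffer / html_safe / raw, and are
# not Rails' real implementation.
require "cgi"

# A string that has been explicitly marked as trusted markup.
class TrustedHtml < String
  def html_safe?
    true
  end
end

# Mimics String#html_safe (and raw): the view emits the string verbatim.
def html_safe(str)
  TrustedHtml.new(str)
end

# Mimics what `<%= value %>` does in a Rails view: untrusted strings are
# HTML-escaped, strings marked html_safe are emitted unchanged.
def render_erb_value(value)
  trusted = value.respond_to?(:html_safe?) && value.html_safe?
  trusted ? value.to_s : CGI.escapeHTML(value.to_s)
end

# What the question actually needs: tags stay visible and tabs/spaces are kept,
# because browsers render <pre> content literally. The stored input itself is
# never marked safe, only the wrapper we built around its escaped form.
def render_code_block(source)
  html_safe("<pre>#{CGI.escapeHTML(source)}</pre>")
end

# Constructed sample of "user input" as it might come back from the database.
STORED_INPUT = "\tputs 'hi'\n<script>alert(document.cookie)</script>"

# Renders the same stored input the three ways discussed on this page.
def demo
  {
    escaped:   render_erb_value(STORED_INPUT),
    html_safe: render_erb_value(html_safe(STORED_INPUT)),
    code:      render_erb_value(render_code_block(STORED_INPUT)),
  }
end

demo.each { |label, html| puts "#{label}: #{html.inspect}" } if __FILE__ == $0
```

The :html_safe rendering is the stored-XSS case; the :code rendering is what a view should emit for IDE content.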