
I'm using Rails 3. When a user submits a form with a text_field and has an `&` entered in it, the form gets validated. When it isn't valid, Rails returns an error, which I then show to the user. But now the `&` is translated to `&amp;`. How can I change this behaviour? Thanks.

Snels Nick
    You want to un-escape the HTML in the error message? That's probably not wise, XSS attacks being what they are. Why would you want to show non-escaped HTML as HTML? – David Aug 13 '12 at 12:21
  • It is not in the error message. For example a user enters `'Company & Sons'` as his company name. When he submits the form and gets an error, the text field with his company name then reads `'Company &amp; Sons'`. That is not right, is it? – Snels Nick Aug 13 '12 at 13:08
  • Ah, that's different. You are correct, the form contents should not be changed. – David Aug 13 '12 at 14:06

2 Answers


I found the culprit. I was sending my input to a sanitizer method, which replaced all ampersands by `&amp;`.

Snels Nick

Maybe try `"risky string".html_safe`

boulder_ruby
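The following is an added example, not code from the question or either answer. It models the two things discussed on this page with plain Ruby: the double escaping that the accepted answer traced to a sanitizer that escaped on input, and what the `html_safe` suggestion from the second answer actually does to output escaping. Rails is not required: `ERB::Util.html_escape` from the standard library stands in for the escaping a Rails `text_field` performs, and the `SafeString` class is a constructed stand-in for a value marked `html_safe` (it is not ActiveSupport's `SafeBuffer`). The `text_field_tag` and `displayed_value` helpers and the sample inputs are likewise constructed for the example.

```ruby
require 'erb'
require 'cgi'

# Constructed stand-in for a value marked html_safe: the view inserts it
# verbatim instead of escaping it. Not ActiveSupport's SafeBuffer.
class SafeString < String
  def html_safe?
    true
  end
end

# The sanitizer the asker found: it escapes the input BEFORE it is stored,
# so the stored value already contains "&amp;".
def escaping_sanitizer(value)
  ERB::Util.html_escape(value)
end

# Model of what a Rails text_field does with the value attribute: plain
# strings are escaped on output, html_safe values are inserted as-is.
def render_value_attribute(value)
  if value.respond_to?(:html_safe?) && value.html_safe?
    value.to_s
  else
    ERB::Util.html_escape(value)
  end
end

# Constructed helper producing the <input> markup for a field.
def text_field_tag(name, value)
  %(<input type="text" name="#{name}" value="#{render_value_attribute(value)}" />)
end

# What the browser shows inside the field after decoding the entities once.
def displayed_value(value)
  CGI.unescapeHTML(render_value_attribute(value))
end

# Constructed sample input, taken from the question's comments.
USER_INPUT = 'Company & Sons'.freeze

# 1. The bug: escaped on input by the sanitizer, then escaped again on
#    output by the form helper, so the browser shows "Company &amp; Sons".
def double_escaped_field
  stored = escaping_sanitizer(USER_INPUT)
  text_field_tag('company', stored)
end

# 2. The fix from the accepted answer: store the raw value and let the
#    view escape it exactly once, on output.
def correctly_escaped_field
  text_field_tag('company', USER_INPUT)
end

# 3. The html_safe suggestion: output escaping is skipped entirely. That is
#    harmless for a string you already escaped yourself, but applied to raw
#    user input it lets the value break out of the attribute and inject
#    markup, which is the XSS concern raised in the question's comments.
def html_safe_field(value)
  text_field_tag('company', SafeString.new(value))
end

if __FILE__ == $PROGRAM_NAME
  puts "double escaped: #{double_escaped_field}"
  puts "  browser shows: #{displayed_value(escaping_sanitizer(USER_INPUT))}"
  puts "escaped once:   #{correctly_escaped_field}"
  puts "  browser shows: #{displayed_value(USER_INPUT)}"
  puts "html_safe on raw user input: #{html_safe_field('Acme"><b>x</b>')}"
end
```

Run it with `ruby double_escape.rb`. The takeaway from the two answers combined: escape once, at the point where the value is written into HTML, and never mark user-controlled input `html_safe` just to undo an escape that should not have happened earlier.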