I have RedCloth with CodeRay installed to highlight my code pasted in my blog.

If I paste some code like this:

```ruby
CodeRay.scan(
"set_meta_tags :og => {
        :title => @blog.title,
        :type => 'article',
        :url => current_url,
        :image => @blog.blog_images.first.image.url,
        :article => {:published_time => @blog.created_at.to_time.iso8601,
                     :modified_time => @blog.updated_at.to_time.iso8601,
                     :author => 'Name',
                     :section => @blog.categories.first.name,
                     :tags => @blog.categories.map(&:name).join(', ')
        }}",
:ruby).div(:css => :class)
```

I got this

```
set_meta_tags :og => {

        :title => blog</span>.title,
        <span class="symbol">:type</span> =&gt; <span class="string"><span class="delimiter">'</span><span class="content">article</span><span class="delimiter">'</span></span>,
        <span class="symbol">:url</span> =&gt; current_url,
        <span class="symbol">:image</span> =&gt; <span class="instance-variable">blog.blog_images.first.image.url,

        :article => {:published_time => blog</span>.created_at.to_time.iso8601,
                     <span class="symbol">:modified_time</span> =&gt; <span class="instance-variable">blog.updated_at.to_time.iso8601,

                     :author => ‘Name’,

                     :section => blog</span>.categories.first.name,
                     <span class="symbol">:tags</span> =&gt; <span class="instance-variable">blog.categories.map(&:name).join(‘, ’)

        }}
```

How can I get rid of that?

Many thanks

Jan

1 Answer

You can pass the markup through `sanitize` before outputting it in the view. This will keep harmless HTML tags, but strip potentially harmful things such as `<script>`:

```erb
<%= sanitize CodeRay.scan(..., :ruby).div(:css => :class) %>
```

If you can trust the markup 100% (I think you can in this case), you can use `raw` to bypass escaping or `html_safe` to mark the string as safe. This will lead to all tags being outputted.

```erb
<%= raw CodeRay.scan(..., :ruby).div(:css => :class) %>
```

or

```erb
<%= CodeRay.scan(..., :ruby).div(:css => :class).html_safe %>
```

Also see http://guides.rubyonrails.org/active_support_core_extensions.html#output-safety

Patrick Oscity
  • Thank you, I accept this answer. But I am also using `textilize` before the `CodeRay` part. When I prepend it like this: `textilize(sanitize CodeRay("blahCode", :ruby).div` I got the same result back – Jan Sep 26 '14 at 10:10
  • Why would you want textile to process your code listing? You could do: `sanitize textilize(CodeRay("blahCode", :ruby).div.html_safe)` to pass the raw output to textilize – Patrick Oscity Sep 26 '14 at 10:11
  • Hm. That didn't work. I simply want to format my "regular text" and put some code in between. – Jan Sep 26 '14 at 10:14
  • That will not work. What if your code contains `a * b * c`? It will render as a **b** c, because it thinks you want to make the `b` bold. You have to scan the input for code blocks and then pass that through coderay separately. You should read this: http://asciicasts.com/episodes/207-syntax-highlighting – Patrick Oscity Sep 26 '14 at 10:59
  • I watched this already, thank you. I switched now back to html :-) But I ran into another issue. It does not render greater_than signs. http://stackoverflow.com/questions/26057970/coderay-does-not-render-greater-than-signs – Jan Sep 26 '14 at 11:00
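
The approach from the comment above (scan the input for code blocks and pass them to the highlighter separately), as an added example that is not part of the original answer or comments. The `<code lang="...">` delimiter, `render_post`, and both stand-in lambdas are assumptions so the block runs without the RedCloth or CodeRay gems:

```ruby
require 'cgi'
require 'securerandom'

# Assumed delimiter for code in a post: <code lang="ruby"> ... </code>
CODE_BLOCK = %r{<code(?: lang="(\w+)")?>\n?(.*?)</code>}m

# Stand-in highlighter that only HTML-escapes the source. With the coderay gem,
# pass ->(src, lang) { CodeRay.scan(src, lang).div(:css => :class) } instead.
ESCAPE_ONLY = lambda do |src, lang|
  %(<div class="CodeRay" data-lang="#{lang}"><pre>#{CGI.escapeHTML(src)}</pre></div>)
end

# Toy stand-in for textilize: turns *word* into bold, nothing else.
TOY_MARKUP = ->(s) { s.gsub(/\*\s*(.+?)\s*\*/) { "<strong>#{$1}</strong>" } }

# Prose goes through `markup`; code blocks bypass it and go to `highlight`.
def render_post(text, markup:, highlight: ESCAPE_ONLY)
  blocks = {}
  # 1. Cut each code block out, leaving a random token the markup step ignores
  #    and that post text cannot guess.
  prose = text.gsub(CODE_BLOCK) do
    token = "CODEBLOCK#{SecureRandom.hex(8)}"
    blocks[token] = highlight.call($2, ($1 || 'text').to_sym)
    token
  end
  # 2. Format the prose only.
  html = markup.call(prose)
  # 3. Put the rendered code back. Block form of sub keeps backslashes in the
  #    code from being read as backreferences.
  blocks.each { |token, rendered| html = html.sub(token) { rendered } }
  html
end

# Constructed sample post.
SAMPLE = <<~POST
  Multiply *carefully*:
  <code lang="ruby">
  x = a * b * c if a > 0
  </code>
POST

puts render_post(SAMPLE, markup: TOY_MARKUP) if __FILE__ == $PROGRAM_NAME
```

In a Rails view, the returned string is what would go through `sanitize` as in the answer.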