0

i'm importing comments from CSV to DB. In CSV I have multilined comments, so when I import it, lines are separated with \n. Comments are saved in string column in DB. For security, when I show it in view, I use raw @comments. But raw defect comments and make it singlelined.

How to be?

TheVic
  • 303
  • 6
  • 16

1 Answers1

1

First of all, don't use raw because it will cause possibly malicious HTML in comments to be passed on to your visitors.

You'll need to convert the newlines to HTML br tags, as such:

comment.gsub("\n", "<br>")
Martijn
  • 1,662
  • 15
  • 21
  • What to use instead of raw? or to use nothing? – TheVic Oct 16 '14 at 11:03
  • 1
    Use nothing, unless you really need it (and only if you're really really sure of that). The rule is to never trust user input. If you want to pass through HTML content from your CSV, run it through a sanitizer like Loofah to make filter out any unwanted markup or script tags. – Martijn Oct 16 '14 at 19:01