html symbols in database get converted to &lg &gt in views


html symbols in database get converted to &lg &gt in views

fugee ohu
database tables contain <tr><td>...
when view renders < gets converted to &lt and > to &gt
why is this happening?

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/f505b114-122d-4f6e-bb1c-636432c703da%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: html symbols in database get converted to &lg &gt in views

Colin Law
On 8 May 2017 at 15:50, fugee ohu <[hidden email]> wrote:
> database tables contain <tr><td>...
> when view renders < gets converted to &lt and > to &gt
> why is this happening?

To stop html injection
https://deadliestwebattacks.com/html-injection-quick-reference/

By the way did you solve your last issue (p==@posts.last)? You did not
reply to my question, which is not good manners.

Colin
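
An added example, not part of the original thread: Ruby's `ERB::Util.html_escape` stands in here for the escaping a Rails view applies to `<%= %>` output, shown beside an allowlist that lets stored table markup render while everything else stays escaped. `allow_table_tags` is a hypothetical helper and the sample rows are constructed; in a real Rails view the framework's own `sanitize` helper with a tag allowlist is the usual tool.

```ruby
require "erb"

# Constructed samples: a column holding table markup, and the same column
# after an untrusted user has managed to store a script tag in it.
TRUSTED_ROW   = "<tr><td>Widget</td></tr>"
UNTRUSTED_ROW = "<tr><td><script>alert(1)</script></td></tr>"

# Default behaviour for a plain String in a view: every HTML metacharacter
# becomes an entity, so the browser displays the text instead of parsing it.
def escaped(value)
  ERB::Util.html_escape(value)
end

# Hypothetical allowlist: only these tags, and only in bare form
# (no attributes), are allowed to reach the browser as markup.
ALLOWED_TAGS = %w[table thead tbody tr th td].freeze

# Escape everything first, then restore the allowlisted tags. Because "&" is
# escaped too, an entity typed by a user can never be "restored" into a tag,
# and a tag carrying attributes (e.g. onclick) does not match and stays text.
def allow_table_tags(value)
  pattern = /&lt;(\/?)(#{ALLOWED_TAGS.join("|")})&gt;/
  escaped(value).gsub(pattern) { "<#{$1}#{$2}>" }
end

if __FILE__ == $PROGRAM_NAME
  puts escaped(TRUSTED_ROW)            # what the original poster saw
  puts allow_table_tags(TRUSTED_ROW)   # table markup renders again
  puts allow_table_tags(UNTRUSTED_ROW) # script tag remains inert text
end
```

Marking the stored string as safe wholesale (`raw` or `html_safe`) would also make the table render, but it would pass the script tag in the second sample through unchanged.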


Re: html symbols in database get converted to &lg &gt in views

fugee ohu


On Monday, May 8, 2017 at 11:03:43 AM UTC-4, Colin Law wrote:
> On 8 May 2017 at 15:50, fugee ohu <fuge...@...> wrote:
> > database tables contain <tr><td>...
> > when view renders < gets converted to &lt and > to &gt
> > why is this happening?
>
> To stop html injection
> https://deadliestwebattacks.com/html-injection-quick-reference/
>
> By the way did you solve your last issue (p==@posts.last)? You did not
> reply to my question, which is not good manners.
>
> Colin

Thanks, it works without the question mark at the end:
if p==@posts.last
