Ruby on Rails 3 and escaped HTML

Rails 3 assumes that everything is NOT html safe (a change of opinion from Rails 2). Now, all strings are html escaped by default:

<%= h some_string %>

is now the same as

<%= some_string %>

To unescape the HTML (i.e you already know that the string is OK to render out), you need to mark it as html_safe or use keyword raw :

<%= some_string.html_safe %>
or
<%=raw some_string %>

Categories: Technologies
vinova: