module TextHelper

Ruby on Rails 3.0.20

Since v2.2.3

Available in: v2.2.3 v2.3.18 v3.0.20 v3.1.12 v3.2.22.5 v4.0.13 v4.1.16 v4.2.9 v5.2.8.1 v6.0.6 v6.1.7.10 v7.0.10 v7.1.6 v7.2.3 v8.0.4 v8.1.2

The TextHelper module provides a set of methods for filtering, formatting and transforming strings, which can reduce the amount of inline Ruby code in your views. These helper methods extend Action View, making them callable within your template files.

Sanitization

Most text helpers by default sanitize the given content, but do not escape it. This means HTML tags will appear in the page but all malicious code will be removed. Let’s look at some examples using the simple_format method:

simple_format('<a href="http://example.com/">Example</a>')
# => "<p><a href=\"http://example.com/\">Example</a></p>"

simple_format("<a href=\"javascript:alert('no!')\">Example</a>")
# => "<p><a>Example</a></p>"

If you want to escape all content, you should invoke the h method before calling the text helper.

simple_format h('<a href="http://example.com/">Example</a>')
# => "<p>&lt;a href=\"http://example.com/\"&gt;Example&lt;/a&gt;</p>"

Private methods

(5) Implementation detail — not part of the public API.

Used by

Included by (2)

Methods (inherited)

From ActionView::Helpers::SanitizeHelper (4)
From ActiveSupport::Concern (3)
