What is the difference between the two following pieces of c

[Doney Kaka]

Don't really know where to go with this one, but I gotta know...
What is the difference between the two following pieces of code?
Code:
<%= h(truncate(product.description, 80)) %>
and
Code:
<%= truncate(product.description, 80) %>
This question could also be asked by asking what h() does.

http://sieuthi77.com/giavang
http://sieuthi77.com/sangiaodichvang
http://sieuthi77.com/sanvang
http://sieuthi77.com/giaodichvang

 

[Chris Mowforth]

See the RDoc:

http://ruby-doc.org/stdlib/libdoc/erb/rdoc/classes/ERB/Util.html#M000305

#h is an alias for #html_escape

 

[Brian Candler]

Don't really know where to go with this one, but I gotta know...
What is the difference between the two following pieces of code?
Code:
<%= h(truncate(product.description, 80)) %>
and
Code:
<%= truncate(product.description, 80) %>

Ruby is not Rails, and Rails questions are best asked on a Rails mailing
list.

But briefly: Rails defines a helper method escapeHTML() with alias h().
This escapes HTML, so for example if the product.description is "a<b" it
turns it into "a&lt;b". This is important to prevent users injecting
their own tags and code into the page, as well as ensuring the page
renders properly.

 

[Chris Mowforth]

Ruby is not Rails, and Rails questions are best asked on a Rails mailing

list.

I was about to say the same thing but remembered this method can be
found in the standard library. Although in reality I guess rails is the
only context it'll be used in...

 

[Marnen Laibow-Koser]

I was about to say the same thing but remembered this method can be
found in the standard library. Although in reality I guess rails is the
only context it'll be used in...

Well, Rails is not the only Web framework for Ruby, and anyway, HTML
escaping would be useful in CGI scripts and parsers...

Best,

 

[Chris Mowforth]

Well, Rails is not the only Web framework for Ruby, and anyway, HTML
escaping would be useful in CGI scripts and parsers...

Best,

Totally, but let's not start debating that. #candlerb implied that this
was an RoR thing and the question should be posted elsewhere; he should
RTFM.

 

[Marnen Laibow-Koser]

Totally, but let's not start debating that. #candlerb implied that this
was an RoR thing and the question should be posted elsewhere; he should
RTFM.

When you make incorrect statements (like "this will only be used in
Rails"), it's a little funny to tell others to RTFM.


Best,

 

[Chris Mowforth]

When you make incorrect statements (like "this will only be used in

Rails"), it's a little funny to tell others to RTFM.


Best,

When did I ever explicitly say that? And honestly, who the **** uses it
in anything else? I think it's a fair assertion. Enough with the
pedantry, I'm not replying to this any more. Composers obviously have
the time to pursue these things.

 

[Marnen Laibow-Koser]

When did I ever explicitly say that?

You said it quite explicitly in
http://www.ruby-forum.com/topic/199335#868114 : "Although in reality I
guess rails is the only context it'll be used in..."

And honestly, who the **** uses it
in anything else?

Anybody dealing with HTML without Rails. Presumably, that includes the
sizable Merb community, among others.

I think it's a fair assertion.

It might be if Rails were the only popular Ruby Web framework. But
that's not actually the case.

Enough with the
pedantry, I'm not replying to this any more.

Probably a good idea.

Composers obviously have
the time to pursue these things.

Best,

 

[Josh Cheek]

[Note: parts of this message were removed to make it a legal post.]

Also, http://ruby-toolbox.com/categories/web_app_frameworks.html lists 6
other Ruby web frameworks. And there are certainly non web application uses
for HTML as well.