Ruby on Rails, Rails 4: link_to not creating the proper HTML markup
I'm using Bootstrap's tooltip to display icons. Hard-coded, this works as expected:
<%= link_to "<h2>test</h2>",
'#',
class: "tag-tooltip",
:data => {:toggle=>"tooltip"},
'data-original-title' =>
"<i class=\"icon-off icon-white\"></i> = SomeText
<i class=\"icon-info-sign icon-white\"></i> = SomeText
<i class=\"icon-ban-circle icon-white\"></i> = SomeText
<i class=\"icon-warning-sign icon-white\"></i> = SomeText
<i class=\"icon-remove icon-white\"></i> = SomeText
<i class=\"icon-refresh icon-white\"></i> = SomeText
<i class=\"icon-download-alt icon-white\"></i> = SomeText
<i class=\"icon-list-alt icon-white\"></i> = SomeText
<i class=\"icon-ok icon-white\"></i> = SomeText",
'data-placement' => 'top' %>
Now I'm using a helper method to achieve the same thing:
<%= link_to 'First', '#', class: 'tag-tooltip', :data => {:toggle=>"tooltip"}, 'data-original-title' => get_icon_tooltip(get_icon_hash).html_safe, 'data-placement' => 'top' %>
Now, although the HTML for the icons is the same:
<i class="icon-off icon-white"></i> = SomeText<i class="icon-info-sign icon-white"></i> = SomeText<i class="icon-ban-circle icon-white"></i> = SomeText<i class="icon-warning-sign icon-white"></i> = SomeText<i class="icon-remove icon-white"></i> = SomeText<i class="icon-refresh icon-white"></i> = SomeText<i class="icon-download-alt icon-white"></i> = SomeText<i class="icon-list-alt icon-white"></i> = SomeText<i class="icon-ok icon-white"></i> = SomeText
The end result is HTML that contains unreplaced “” characters:
<a class="tag-tooltip" data-original-title="<i class="icon-off icon-white"></i> = SomeText<i class="icon-info-sign icon-white"></i> = SomeText<i class="icon-ban-circle icon-white"></i> = SomeText<i class="icon-warning-sign icon-white"></i> = SomeText<i class="icon-remove icon-white"></i> = SomeText<i class="icon-refresh icon-white"></i> = SomeText<i class="icon-download-alt icon-white"></i> = SomeText<i class="icon-list-alt icon-white"></i> = SomeText<i class="icon-ok icon-white"></i> = SomeText" data-placement="right" data-toggle="tooltip" href="#">First</a>
Thoughts?
Why are you calling html_safe on your helper? This will result in unescaped characters:
<a class="tag-tooltip" data-original-title="<i class="icon-off icon-white"></i> = SomeText<i class="icon-info-sign icon-white"></i> = SomeText<i class="icon-ban-circle icon-white"></i> = SomeText<i class="icon-warning-sign icon-white"></i> = SomeText<i class="icon-remove icon-white"></i> = SomeText<i class="icon-refresh icon-white"></i> = SomeText<i class="icon-download-alt icon-white"></i> = SomeText<i class="icon-list-alt icon-white"></i> = SomeText<i class="icon-ok icon-white"></i> = SomeText" data-placement="right" data-toggle="tooltip" href="#">First</a>
Can you replace:
get_icon_tooltip(get_icon_hash).html_safe
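with
My first thought is: why are you escaping the characters? Rails will do that for you.. You could wrap the quotes in single quotes and then use the .html_safe method to regenerate the HTML...
When I view the source, all of the angle brackets contained in the working string are escaped. When I look at the broken tag, none of the brackets are escaped. Either way, I wrapped the string returned by get_icon_tooltip in single quotes and the result is the same. Why would this cause the characters not to be replaced?
I'm new to Ruby and Rails, but I assumed that if I call html_safe on a helper method that returns a string, it would give me an html_safe string.
html_safe is used to tell Rails that the string is safe and can be displayed unescaped. By default, Rails automatically escapes the strings you pass to helpers like this, to avoid XSS attacks. In your case, since the value you want to pass in data-original-title contains HTML tags, there is a conflict.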
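The behaviour discussed in this thread, as an added example that is not code from the original posts: a plain-Ruby model of attribute escaping showing why the `html_safe` value breaks the tag while the escaped value still reaches the tooltip intact. `TrustedString`, `icon_tooltip`, `render_attr`, `tooltip_link` and `parsed_title` are hypothetical names; `TrustedString` only stands in for a string marked with `html_safe`, and the input is constructed.

```ruby
require "erb"

# Stand-in for a string marked with html_safe (hypothetical class; it models
# only the "trusted, skip escaping" flag, not Rails' real safe-string class).
class TrustedString < String; end

# Hypothetical helper in the role of get_icon_tooltip: builds the icon markup
# and escapes the label text itself, since the result may be trusted later.
def icon_tooltip(labels)
  labels.map do |icon, text|
    label = ERB::Util.html_escape(text)
    %(<i class="#{icon} icon-white"></i> = #{label})
  end.join
end

# Attribute rendering as the thread describes it: escape by default,
# but emit trusted strings untouched.
def render_attr(name, value)
  value = ERB::Util.html_escape(value) unless value.is_a?(TrustedString)
  %(#{name}="#{value}")
end

def tooltip_link(title)
  %(<a class="tag-tooltip" #{render_attr('data-original-title', title)} href="#">First</a>)
end

ENTITIES = { "&lt;" => "<", "&gt;" => ">", "&quot;" => '"',
             "&#39;" => "'", "&amp;" => "&" }.freeze

# Reads the attribute back roughly as an HTML parser does: the value ends at
# the next double quote, then entities are decoded.
def parsed_title(html)
  raw = html[/data-original-title="([^"]*)"/, 1]
  raw.gsub(/&(?:lt|gt|quot|#39|amp);/, ENTITIES)
end

if __FILE__ == $PROGRAM_NAME
  markup = icon_tooltip("icon-off" => "SomeText")          # constructed input
  puts parsed_title(tooltip_link(markup))                     # full markup survives
  puts parsed_title(tooltip_link(TrustedString.new(markup)))  # cut off at first quote
end
```

The escaped attribute decodes back to the original markup, so dropping `html_safe` on the attribute value loses nothing; marking it trusted lets the inner double quotes terminate the attribute early.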