Problem:

Rails doesn’t automatically convert newline ("\n") characters in strings to line breaks ("<br>") with h.

<%= h @user.address %>

Solution:

Manually replacing the \n with <br> without using h will make your site vulnerable to XSS attacks. The proper approach would be to convert the line breaks after h. Note that Rails already has a method, simple_format, that converts line breaks.

<%= simple_format(h @user.address) %>
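Why the order matters, as an added example that is not from the original post and runs outside Rails: ERB::Util.html_escape stands in for h, and the helper names and the sample address are constructed for illustration. The newline substitution is a simplified stand-in for simple_format, which also wraps the text in paragraph tags.

```ruby
require 'erb'

# Constructed sample: a multi-line address field containing user-supplied markup.
ADDRESS = "1 Main St\r\n<script>alert(1)</script>\nSpringfield"

# Matches Windows (\r\n), old Mac (\r) and Unix (\n) line endings.
NEWLINE = /\r\n?|\n/

# Unsafe: newlines are converted but the value is never escaped,
# so any markup stored in the field reaches the browser as HTML.
def breaks_without_escape(text)
  text.gsub(NEWLINE, "<br>")
end

# Safe ordering: escape first, then add the only markup we intend to emit.
# The <br> tags are inserted after escaping, so they stay real tags.
def breaks_after_escape(text)
  ERB::Util.html_escape(text).gsub(NEWLINE, "<br>")
end

# Reversed ordering: still safe, but the <br> tags are escaped along with
# everything else and show up as literal text instead of line breaks.
def escape_after_breaks(text)
  ERB::Util.html_escape(text.gsub(NEWLINE, "<br>"))
end

if __FILE__ == $PROGRAM_NAME
  puts breaks_without_escape(ADDRESS)
  puts breaks_after_escape(ADDRESS)
  puts escape_after_breaks(ADDRESS)
end
```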
