Rails doesn’t automatically convert newline (“\n“) characters in strings to line breaks (“<br>“) with h.

<%= h @user.address %>


Manually replacing the \n with <br> without using h will make your site vulnerable to XSS attacks. The proper approach would be to convert the line breaks after h. Note that Rails already has a method, simple_format, that converts line breaks.

<%= simple_format(h @user.address) %>
Tagged with →  
Share →

Leave a Reply