in sinatra using erubis, default setting escape_html is true. sometimes hava to unescape

Question

In Sinatra, using erubis, the default setting for escape_html is true.

But sometimes I want to to unescape, because, I do not want to add too much escape_html. Don't repeat yourself. :)

helpers:

def raw(string)
  CGI::unescape_html(string)
end

views:

<div class="body">
  <%= raw "<h1>Thanks for help...</h1>" %>
</div>

does not work.

Answer 1

Not sure about which version of Erubis you use, but it seems like it has a special kind of tag for that particular case: with two equals signs. So the line from your example might look like:

<%== "<h1>Thanks for help...</h1>" %>

Calling to CGI::unescape should not be necessary, because the string is initially not escaped. All you need is to prevent escaping, not undo it.

But if your Erubis don't understand <%==, or if you use ERB, not Erubis, then sorry, I don't know any other solution except of what you said: disable html escape for entire file and use h everywhere you do need escaping.

FYI, in Rails for this also there are special helpers raw and String#html_safe, but as I can see they are part of ActiveSupport and not available in Sinatra.

Answer 2

You can accomplish what you want this way:

Web.rb:

require 'sinatra'
require 'erubis'
set :erb, :escape_html => true

get '/hi' do
  @model = Hash.new()
  @model[:person] = "<b>World</b>"
  erb :hello
end

Layout.erb:

<!DOCTYPE html>
<html>
<head>
  <title><%= @title %></title>
</head>
<body>
  <%== yield %>
</body>
</html>

Hello.erb:

<div>
  <p>Hello, <%= @model[:person] %>!</p>
  <p>Hello, <%== @model[:person] %>!</p>
</div>

Answer 3

Just to add some tips. Erubis has ability to escape (sanitize) expression. Erubis::Eruby class act as the following:

<%= expr %> - not escaped.
<%== expr %> - escaped.
<%=== expr %> - out to $stderr.
<%==== expr %> - ignored.

Source