HTML encoding your flash in your controller

Published February 06, 2007

I’m often placing user-generated content into flash[:notice] messages and then needing to output that safely in my layout. I also sometimes need to output a small snippet of HTML, such as an entity, in the flash[:notice], and for this reason I can’t just HTML-escape it in the view.

ERB::Util defines the handy h (html_escape) and u (url_encode) methods you’ve most probably used in your views. To use them in your controllers too, just include the ERB::Util module (thankfully it’s lightweight and only defines these two methods).


class ApplicationController < ActionController::Base
  protected
    include ERB::Util
end

You can now flash your users’ bits to your heart’s content:


flash[:notice] = "Welcome back #{h current_user.to_s(:informal)}!" 
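
The difference this makes once the layout prints the flash unescaped, as an added example that is not code from the original post: a plain-Ruby stand-in for a controller builds the same message with and without `h` and renders it through a one-line ERB layout. The `FlashDemo` class, its method names, the layout fragment and the sample name are all assumptions made for the illustration.

```ruby
require "erb"

# Hypothetical stand-in for a controller; it includes ERB::Util to get h,
# the same way the ApplicationController in the post does.
class FlashDemo
  include ERB::Util

  # Constructed layout fragment. It prints the flash without escaping,
  # which is what lets an entity such as &raquo; render as intended.
  LAYOUT = ERB.new('<div class="notice"><%= flash[:notice] %></div>')

  attr_reader :flash

  def initialize
    @flash = {}
  end

  # User-controlled name interpolated as-is: its markup reaches the page.
  def welcome_unescaped(name)
    @flash[:notice] = "Welcome back #{name}! &raquo;"
    render
  end

  # Only the user-controlled part is escaped; the trusted entity is kept.
  def welcome_escaped(name)
    @flash[:notice] = "Welcome back #{h name}! &raquo;"
    render
  end

  private

  # Render the layout with this object as the template's self.
  def render
    LAYOUT.result(binding)
  end
end

# Constructed sample input: a display name that contains markup.
SAMPLE_NAME = %q{Tim <script>alert("x")</script> & "co"}

if __FILE__ == $0
  demo = FlashDemo.new
  puts demo.welcome_unescaped(SAMPLE_NAME)
  puts demo.welcome_escaped(SAMPLE_NAME)
end
```
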

toolmantim

I'm Tim Lucas, a web app designer and developer currently in Sydney Australia.