How to HTML_Escape Text Data in a Sinatra App

How do I html_escape text data in a sinatra app?

Rack::Utils includes an HTML escape method. http://www.sinatrarb.com/faq.html#escape_html

In Sinatra using Erubis, the default setting escape_html is true. Sometimes have to unescape

Not sure about which version of Erubis you use, but it seems like it has a special kind of tag for that particular case: with two equals signs. So the line from your example might look like:

<%== "<h1>Thanks for help...</h1>" %>

Calling CGI::unescape should not be necessary, because the string is initially not escaped. All you need is to prevent escaping, not undo it.

But if your Erubis doesn't understand <%==, or if you use ERB, not Erubis, then sorry, I don't know any other solution except what you said: disable html escape for the entire file and use h everywhere you do need escaping.

FYI, in Rails there are also special helpers for this, raw and String#html_safe, but as far as I can see they are part of ActiveSupport and not available in Sinatra.

Weird behavior of params hash in Sinatra

You seem to confuse the method params for the local variable params.

Let's take a look at a simplified example:

def params
  {"action" => "some-action"}
end

# the line below refers to the method #params
p params # {"action" => "some-action"}

# the variable params is created, but not assigned
params = {n: 1} if false

# any further reference to params will use the variable
p params # nil

If you now have the question "why is the variable created?" the simple answer is: Because the documentation says so.

The local variable is created when the parser encounters the
assignment, not when the assignment occurs:

a = 0 if false # does not assign to a

p local_variables # prints [:a]

p a # prints nil

To solve your issue either use the #params= setter (assuming there is one) or retrieve the method result to a variable to start with, this way all references to params refer to the variable.

# assign using the setter method
self.params = { :n => @number }

# extract the contents to a variable at the start
# of the `post '/modify' do` block
params = self.params # or params()

What is a better way to convert a simple sinatra app to static html pages?

Try Httrack

How could I escape a & in Haml so that it compiles to & instead of &amp;? (Haml noob)

You can use the :escape_attrs option to control whether HTML sensitive characters in attributes are escaped:

require 'haml'

haml = "%a(href='/posts' data-icon=\"&\" aria-hidden='true')"

puts Haml::Engine.new(haml, :escape_attrs => false).to_html

Output:

<a aria-hidden='true' data-icon='&' href='/posts'></a>

Note that this will apply to all attributes in your Haml template.

Displaying .txt file with Ruby Sinatra

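You can do as below:

Sinatra code:

get '/create' do
  @logfile = File.open("logfile.txt", "r")
  begin
    # the rendered template must be the block's return value
    erb :create
  ensure
    # close the file after rendering, without replacing the return value
    @logfile.close
  end
end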

file.erb

<h2>Text file:</h2>
<% @logfile.each_line do |line| %>
  <%= line %>
<% end %>

Or you can use File#read :

file.erb

<h2>Text file:</h2>
<%= @logfile.read %>
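
The templates above print each log line with <%= line %>, and standard-library ERB inserts that text verbatim, so any markup recorded in the log reaches the browser as markup. The following is an added example, not code from the answers on this page: it renders constructed log lines once raw and once through h. LogView, render_log and SAMPLE_LOG are hypothetical names, and ERB::Util#h stands in here for a Sinatra helper that wraps Rack::Utils.escape_html, so the block runs without any gems.

```ruby
require 'erb'
require 'stringio'

# Constructed sample log lines. The second and third contain characters
# that are meaningful in HTML, as logs do when they record request data.
SAMPLE_LOG = <<~LOG
  2024-01-01 12:00:00 GET /index 200
  2024-01-01 12:00:01 GET /search?q=<script>alert(1)</script> 200
  2024-01-01 12:00:02 user "a&b" logged in
LOG

# Hypothetical view context standing in for the scope of a Sinatra route.
class LogView
  include ERB::Util # provides h / html_escape inside the template

  # Same loop as the answer's template: each line is emitted verbatim.
  RAW = ERB.new('<% @logfile.each_line do |line| %><%= line %><% end %>')

  # Hardened form: every line passes through h before it is emitted.
  ESCAPED = ERB.new(
    '<pre><% @logfile.each_line do |line| %><%= h(line) %><% end %></pre>'
  )

  def initialize(text)
    @text = text
  end

  def render(template)
    @logfile = StringIO.new(@text) # plays the role of the opened log file
    template.result(binding)
  end
end

# Render the log text through the raw or the escaping template.
def render_log(text, escape:)
  LogView.new(text).render(escape ? LogView::ESCAPED : LogView::RAW)
end

if __FILE__ == $PROGRAM_NAME
  puts render_log(SAMPLE_LOG, escape: false)
  puts render_log(SAMPLE_LOG, escape: true)
end
```
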

Creating a route with Sinatra to only accept a certain Content-type

Requests do not contain "Content-Type" header, but rather have "Accept". Sinatra should basically only respond to requests with "Accept" containing "application/json". Just to make sure:

post '/gods', :provides => :json do
  pass unless request.accept? 'application/json'
  ...
end

