htmlentities

  • This function’s solution will only work within the context of the Rails framework.

    Escaping a string to be safe for output in HTML is done using the CGI.escapeHTML class method. Rails provides the h helper method as a convenient shortcut to this method within our views.

    PHP

    $result = htmlentities('test "escaping" <characters>'); 
    var_export($result);
    // => "test &quot;escaping&quot; &lt;characters&gt;"

    Ruby

    require 'cgi'
     
    p CGI.escapeHTML('test "escaping" <characters>')
    # => "test &quot;escaping&quot; &lt;characters&gt;"

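    To convert Unicode characters to HTML entities in Ruby, we need to loop through
    the string's code points, which String#unpack("U*") returns as integers. This
    conversion does not escape <, >, & or quotes, so CGI.escapeHTML is still needed
    for untrusted input.

    Ruby

    str = "Résumé"
    # unpack("U*") returns the string's Unicode code points as integers;
    # code points above 127 become numeric character references.
    str = str.unpack("U*").collect { |s| s > 127 ? "&##{s};" : s.chr }.join
    p str
    # => "R&#233;sum&#233;"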

    Rails

    # In app/controllers/users_controller.rb
    class UsersController < ActionController::Base
      def show
        @user = User.find(params[:id])
      end
    end
     
    # In app/views/users/show.html.erb
    <p><%= h(@user.username) %></p>
     
    # or the equivalent and often preferable
    <p><%=h @user.username %></p>
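
Combining the two plain-Ruby snippets above, as an added example that is not from the original page: the hypothetical helper `html_entities` (a name assumed here, not a Ruby or Rails API) escapes markup characters with CGI.escapeHTML and then converts non-ASCII code points, in that order, and tolerates malformed UTF-8. It assumes UTF-8 input; the sample strings are constructed.

```ruby
require 'cgi'

# Hypothetical helper for illustration; the name html_entities is not a
# Ruby or Rails API. Assumes the input is (or claims to be) UTF-8.
def html_entities(input)
  # unpack("U*") raises ArgumentError on malformed UTF-8, so replace bad
  # byte sequences with U+FFFD instead of failing in the middle of a render.
  text = input.to_s.dup.force_encoding(Encoding::UTF_8).scrub("\uFFFD")

  # Escape markup characters first. Doing it after the entity conversion
  # would turn the "&" of every "&#233;" into "&amp;" (double escaping).
  escaped = CGI.escapeHTML(text)

  # Then emit every non-ASCII code point as a numeric character reference,
  # which leaves the output pure ASCII.
  escaped.unpack("U*").map { |cp| cp > 127 ? "&##{cp};" : cp.chr }.join
end

# Constructed sample values, not taken from a real application.
SAMPLES = [
  "R\u00E9sum\u00E9 & \"CV\" <b>bold</b>", # markup plus accented letters
  "caf\xC3",                               # truncated UTF-8 sequence
  "\u{1F600}"                              # code point outside the BMP
]

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |s| puts html_entities(s) }
end
```

The result is meant for HTML element content and quoted attribute values; calling the helper (or `h`) a second time on already escaped text double-escapes it.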


Rails for PHP is brought to you by Maintainable Software. Get custom web applications and personalized training from the authors of the book and website.