This project is archived and is in readonly mode.

#4728 ✓invalid
Chris

Form Helper Escaping Problem

Reported by Chris | May 30th, 2010 @ 12:03 AM

While using form_tag Form Helper every HTML Command inside the Helper gets escaped.

This Problem occurs with rails 2.3.7 and 2.3.8. Maybe the same Problem occurs with rails 2.3.6(not tested)

With rails 2.3.5 everything works fine.

<% form_tag do %>

<% end %>

Comments and changes to this ticket

  • Jeff Kreeftmeijer

    Jeff Kreeftmeijer May 30th, 2010 @ 11:12 AM

    I tried to reproduce this problem on 2.3.8 by creating a view with a form_tag block with some HTML tags in it:

    <% form_tag do %>
        <p>
            When you say:
            
            <blockquote>
                While using form_tag Form Helper every HTML Command inside the Helper gets escaped.
            </blockquote>
            
            Do you mean <code>HTML tags</code>, like <strong>strong</strong> or <em>em</em>? 
            
            <% content_tag :div do %>
                Or are you talking about view helpers?
            <% end %>
            
            <%= text_area_tag :field, 'Or form fields?' %>
        </p>
    <% end %>
    

    This worked as expected, the source of the HTML output looks like this:

    <form action="/users/new" method="post"><div style="margin:0;padding:0;display:inline"><input name="authenticity_token" type="hidden" value="Wc/bU0J9aido2JIOZV8N4fF/CUV9OJUfjimd2z1/mvQ=" /></div> 
        <p> 
            When you say:
            
            <blockquote> 
                While using form_tag Form Helper every HTML Command inside the Helper gets escaped.
            </blockquote> 
            
            Do you mean <code>HTML tags</code>, like <strong>strong</strong> or <em>em</em>? 
            
            <div> 
                Or are you talking about view helpers?
            </div> 
            
            <textarea id="field" name="field">Or form fields?</textarea> 
        </p> 
    </form>
    

    So, it seems to work for me. Did I miss anything?

  • Chris

    Chris May 30th, 2010 @ 12:49 PM

    Right Jeff. You got the problem. It's every HTML Command within <> or </> brackets, that gets escaped somehow, when used within form_tag block. I don't know if the problem exists with every Helper, because I don't tried out. But the problem occurs defnetly with form_tag helper.

    User Skully seemed to have the same Problem:

    http://weblog.rubyonrails.org/2010/5/25/ruby-on-rails-2-3-8-released

    http://railsforum.com/viewtopic.php?id=39179

    People on IRC had no idea as well.

    I am using:

    • Mac OSX 10.5.8

    • ruby 1.8.7 (2009-06-12 patchlevel 174) [i686-darwin9.7.0]; But had the same problem with 1.8.6

    • ruby gems 1.3.6; But had the same problem with 1.3.5 and 1.3.7

  • Chris

    Chris May 30th, 2010 @ 01:40 PM

    Ok. I tried switching back from 2.3.5(where I have had no problems) to 2.3.8(where I had problems) to reproduce the problem and give you the escaped output the form_tag helper creates. But now i cant reproduce it either. Everything works fine, strange world.

    What I did was:

    I deinstalled all gems. updated the gem system itself. installed the latest rails version 2.3.8 with gems. And now everything works. The strange thing is: I did exactly the same thing yesteraday and the problem still resided.

    The only thing that's different: Before switching back from rails 2.3.8 to 2.3.5 yesterday I installed the developer tools for mac. Maybe there were some libaries that needed to be compiled native that lead to that problem.
    During rails installation i dont see any errors that point me to the fact that something is missing so i thought everything is just fine.

    Can this be? If yes this bug can be closed.

  • mat

    mat June 2nd, 2010 @ 08:49 AM

    This isn't your imagination. The actual problem was with the formtastic gem. Justin pushed out a fix within hours. So when you wrote the ticket you were probably using Formtastic 0.9.9 and when you upgraded all your gems you got the fix with Formtastic 0.9.10. See http://github.com/justinfrench/formtastic/issues/closed#issue/275 for details.

    This issue can be closed IMHO.

  • Martin Gamsjaeger (snusnu)

    Martin Gamsjaeger (snusnu) June 3rd, 2010 @ 10:13 PM

    There is a problem with escaping tho. I also saw #4762 and added a comment to that one too. I needed to patch rails(3) to solve that:

    PATCH: http://github.com/snusnu/rails/commit/7f1b5bc6452cd1ca65dae3283c4af...

  • Rohit Arondekar

    Rohit Arondekar September 14th, 2010 @ 05:14 AM

    • Importance changed from “” to “Low”

    Any updates here? Is this is still an issue?

  • David Trasbo

    David Trasbo September 23rd, 2010 @ 09:59 AM

    • State changed from “new” to “invalid”

    Marking this as invalid as it turned out to be a Formtastic issue. The problem Martin describes seems to be un-related. Please do create a separate ticket and attach a patch there, though.

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Referenced by

Pages