Controller code:
    class HelpController < ApplicationController
      def index
        @url = "https://example.com/auth?user_id=1234&redirect_to=http://google.ru"
      end
    end
View code:
    <script>location.href='<%=@url%>';</script>
And it redirects to THIS:
example.com/auth?user_id=1234&redirect_to=http://google.ru
This: http://example.com/auth?user_id=1234 & amp; redirect_to=http://google.ru (without spaces)
In Rails 3, you can call the .html_safe method to tell Rails that you have verified the content is safe to send unescaped.
See http://yehudakatz.com/2010/02/01/safebuffers-and-rails-3-0/ for an explanation of the motivation for the default escaping behavior.
The idiom is reversed from older versions of Rails, where you had to explicitly call .h (.html_escape).
No Ruby expert, but I think escaping is the default behavior. You have to force it to output as an unescaped string by wrapping the thing in raw().
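Added example, not part of the original answers: the browser does not entity-decode the content of a <script> element, which is why the default HTML escaping leaves a literal &amp; in the redirect URL. The Ruby below compares the default output, the raw()/.html_safe output, and a JSON-encoded JavaScript string literal. Assumptions: Rails' escaping is emulated with the standard library's ERB::Util so the code runs without Rails, js_literal and the render_* names are hypothetical, and HOSTILE_URL is a constructed value.

```ruby
require "erb"
require "json"

# Constructed inputs: the URL from the question, and a hostile value that
# could arrive if any part of the URL came from a request.
QUESTION_URL = "https://example.com/auth?user_id=1234&redirect_to=http://google.ru"
HOSTILE_URL  = "https://example.com/auth?next=';alert(1)//</script>"

# Default <%= %> behaviour in Rails 3, emulated with stdlib ERB::Util:
# the value is HTML-escaped, so "&" becomes "&amp;".
def render_default(url)
  "<script>location.href='#{ERB::Util.html_escape(url)}';</script>"
end

# What .html_safe / raw() give you: the string is emitted verbatim.
def render_raw(url)
  "<script>location.href='#{url}';</script>"
end

# Characters that matter to the HTML parser, rewritten as JS \uXXXX escapes.
JS_ESCAPES = { "<" => '\u003c', ">" => '\u003e', "&" => '\u0026' }.freeze

# Hypothetical helper: encode a Ruby string as a JavaScript string literal
# (JSON quoting), then hide <, > and & from the HTML parser.
def js_literal(value)
  value.to_json.gsub(/[<>&]/, JS_ESCAPES)
end

# Context-appropriate output: no hand-written quotes, the literal brings its own.
def render_js_encoded(url)
  "<script>location.href=#{js_literal(url)};</script>"
end

if __FILE__ == $PROGRAM_NAME
  [QUESTION_URL, HOSTILE_URL].each do |url|
    puts render_default(url), render_raw(url), render_js_encoded(url), ""
  end
end
```

For the constant URL in the question, raw() and .html_safe are sufficient; the encoded form matters once any part of the URL comes from request data, because the verbatim output lets a quote or </script> in the value end the string or the script block.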