
Am I using html_safe and raw() correctly? Trying to append a string with special characters to a query


(Avery Rozar) #1

I’ve tried using .html_safe and raw(), and it’s not breaking anything, but it still passes the characters as hex or something.

These all pass the same thing to Elasticsearch:

<%= @esearch.search q: params[:query] + '&pretty=true' do %>
<%= @esearch.search q: params[:query] + '&pretty=true'.html_safe do %>
<%= @esearch.search q: params[:query] + raw('&pretty=true') do %>

I’m getting this:

q=asa%26pretty%3Dtrue

I’m hoping to get this:

q=asa&pretty=true


(Ben Orenstein) #2

My hunch is that your q:params[:query] string isn’t marked as html safe.

Appending an html safe string to a non-safe string results in a non-safe string.


(Avery Rozar) #3

You appear to be correct… if I just search for $ I get the following

_search?q=%24

That’s no good. So the issue would be in the original index page where the user submits the search?

<%= form_tag @esearch, :method => :get do %>
<%= text_field_tag :query, params[:query] %>
<%= submit_tag 'Search logs…', name: nil %>
<% end %>
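
An added example, not code from the thread or from the Elasticsearch client: it uses Ruby's standard `URI` module as a stand-in for how an HTTP client percent-encodes a query value, and reproduces the `q=asa%26pretty%3Dtrue` and `q=%24` strings quoted above. `html_safe` and `raw()` only affect HTML escaping when a string is rendered into a template, so they do not change this step. The helper names and the `size` parameter are hypothetical.

```ruby
require "uri"

# Constructed sample input: what the user typed into the search box,
# as it would arrive in params[:query].
USER_QUERY = "asa"

# Build a query string the way an HTTP client library typically does:
# every key and value is percent-encoded, so a value cannot be parsed
# as additional parameters by the receiving server.
def build_query(params)
  URI.encode_www_form(params)
end

# Concatenating "&pretty=true" onto the value makes it part of the value,
# so "&" and "=" are encoded as data (%26 and %3D).
def appended_to_value(query)
  build_query(q: query + "&pretty=true")
end

# Passing pretty under its own key lets the encoder emit a real "&" separator.
def separate_parameter(query)
  build_query(q: query, pretty: "true")
end

# What the receiving server sees after decoding the query string.
def decoded(query_string)
  URI.decode_www_form(query_string).to_h
end

if __FILE__ == $PROGRAM_NAME
  puts appended_to_value(USER_QUERY)   # the string the poster is getting
  puts separate_parameter(USER_QUERY)  # the string the poster is hoping for
  puts build_query(q: "$")             # "$" travels as %24 ...
  p decoded(build_query(q: "$"))       # ... and decodes back to "$"
  # The same encoding keeps user input such as "asa&size=10000" inside q,
  # instead of letting the user add a parameter of their own.
  p decoded(build_query(q: "asa&size=10000"))
end
```

The `%24` and `%26` forms are the encoded transport representation; the server decodes them back to the original characters before running the search.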