Unescaping HTML string

Question

I have the inherited the following string (I can do nothing about the format):

 <iframe \n  class=\"some_class\"\n  type=\"text/html\" \n  src=\"/embed/iframe_content.html?id=tsqA5D7_z10\" \n  width=\"960\" \n  height=\"593\" \n  marginwidth=\"0\" \n  marginheight=\"0\" \n  frameborder=\"0\">\n</iframe>

I am rendering it in an erb template like this:

<%= the_string %>

At the moment it renders as text like this:

<iframe  class="some_class" type="text/html" src="/embed/iframe_content.html?id=tsqA5D7_z10" width="960" height="593"  marginwidth="0" marginheight="0" frameborder="0"></iframe>

I need to render it as HTML.

I have tried the following:

1. <%= the_string.html_safe %> # Renders the string unchanged
2. <%= CGI.unescapeHTML(the_string) %> # Errors with a Type Error 'can't dup NilClass'
3. <%= CGI.unescapeHTML(the_string).html_safe %> # Errors with a Type Error 'can't dup NilClass'
4. <%= raw the_string %> # Renders the string unchanged

How can I render this string as HTML?

Answer 1

As you seem to have noticed, there are two things you need to take care of:

1. Unescaping the HTML entities
2. Printing the raw html in your view

For number 2 <%= raw ... %> should work fine.

For number 1 CGI.unescapeHTML was the right idea, but I don't think it recognizes all HTML entities so I would recommend taking a look at the HTML Entites gem

You can also try and use the simple_format helper method, but I think you are going to have to pass it some options for it to allow the <iframe> tag

also I would strongly suggest moving your unescaping logic into a helper method.