Rails DON'T sanitize


I am making a web app that integrates the Ace online IDE. A user enters an input through the Ace IDE which is then stored in a database. But when that is then rendered from the database Rails has done some sort of sanitization and the HTML tags are not loaded.

How do I explicitly tell Rails to leave all HTML tags in the tags and not format it (includes tabs and spaces)?

EDIT:

This is what the user inputs:

[screenshot not preserved]

And this is what it outputs:

[screenshot not preserved]

3

There are 3 answers

2
Tim On BEST ANSWER

Turns out it was because I was using simple_format(). When I removed that and simply called <%= @lesson.lesson_content %>, it rendered perfectly.

0
masukomi On

You have to append .html_safe to any string you're returning to the view. By default Rails doesn't trust anything the user might have created.

So

<%= @my_source_code_from_the_db %>

Becomes

<%= @my_source_code_from_the_db.html_safe %>

As @Sam_D mentioned, another option is to wrap your string in a call to raw:

<%= raw(@my_source_code_from_the_db) %>

0
Sam On

Try the raw method. This method outputs a string without escaping it.
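The three answers describe two different things: the accepted answer keeps Rails' default escaping (which preserves tabs, spaces and literal tag text), while html_safe and raw switch escaping off. The script below is an added example, not code from the question or any of the answers; it uses plain Ruby with the stdlib ERB library as a stand-in for a Rails view (stdlib ERB does not auto-escape, so the escaping is written out explicitly with ERB::Util.html_escape, the same helper Rails applies inside <%= %>). USER_CODE is a constructed sample of what a user might type into the Ace editor; the functions and templates are mine, not Rails APIs.

```ruby
require "erb"
require "cgi"

# Constructed sample input standing in for what a user types into the
# Ace editor: markup, a tab, a run of spaces and a script element.
USER_CODE = "<div class=\"box\">\n\tlet x = 1;    // tab and spaces\n</div>\n<script>alert('xss')</script>"

# Plain ERB (stdlib) does not auto-escape, so the escaping is explicit here.
# Rails' <%= %> applies the same ERB::Util.html_escape to untrusted strings.
ESCAPED_TEMPLATE = ERB.new("<pre><%= ERB::Util.html_escape(code) %></pre>")

# Stand-in for <%= code.html_safe %> or <%= raw(code) %> in Rails:
# the string reaches the page byte-for-byte and the browser parses it as HTML.
RAW_TEMPLATE = ERB.new("<pre><%= code %></pre>")

# What the accepted answer's <%= @lesson.lesson_content %> produces.
def render_escaped(code)
  ESCAPED_TEMPLATE.result_with_hash(code: code)
end

# What masukomi's and Sam's html_safe / raw variants produce.
def render_raw(code)
  RAW_TEMPLATE.result_with_hash(code: code)
end

# True when the rendered HTML still carries a live <script> open tag,
# i.e. the user's markup would be interpreted by the browser, not displayed.
def script_tag_live?(html)
  html.match?(/<script\b/i)
end

# The question's real concern: tabs and spaces must survive. Escaping only
# rewrites & < > " ', so decoding the <pre> body gives back the original text.
def round_trips?(code)
  body = render_escaped(code).delete_prefix("<pre>").delete_suffix("</pre>")
  CGI.unescapeHTML(body) == code
end

if __FILE__ == $PROGRAM_NAME
  puts render_escaped(USER_CODE)
  puts render_raw(USER_CODE)
  puts "script live after escaping? #{script_tag_live?(render_escaped(USER_CODE))}"
  puts "script live after raw?      #{script_tag_live?(render_raw(USER_CODE))}"
end
```

Run it with `ruby escape_demo.rb` (any file name works). The escaped rendering shows the user's tags as visible text inside a <pre>, with every tab and space intact, which is what the question was after; simple_format had been changing the output because it passes the text through sanitize and rewrites newlines into <br /> and <p> elements. The raw rendering hands the browser whatever markup the user typed, script elements included, so the choice between the accepted answer and the html_safe/raw answers is a choice about whether user-entered content becomes markup on the page.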