Rails: How not to escape in <title> tag

Asked Apr 22 '16 at 09:31. Active Apr 22 '16 at 12:01. Viewed 1,331 times.

I developed a Rails app.

Characters such as `&` are escaped to `&amp;` in the `<title>` tag.

For example, `foo & bar` is displayed as `foo &amp; bar` in the title.

When I use `raw`, it can be displayed as I expect. But I don't want to use `raw` because the data will be input by the user.

I'd like it to display like [this post](../../questions/11417510/symfony-2-twig-how-not-to-escape-field-value-used-with-backbonejs-symfony-2) (please see only the title; the contents have nothing to do with my question). `&` is displayed in the title in spite of being input by the user.

My code is as below.

application.html.erb

    <head>
      <title><%= full_title(yield(:title)) %></title>
      ...

application_helper.rb

    def full_title(page_title = '')
      base_title = "app name"
      if page_title.empty?
        base_title
      else
        page_title + " | " + base_title
      end
    end

I added `provide` in some view files, such as show.html.erb.

    <%# this title is input by the user %>
    <% provide(:title, @schedule.title) %>

Is it possible to escape it, but allow some characters unescaped?

Tags: ruby-on-rails, ruby, ruby-on-rails-4

asked Apr 22 '16 at 09:31 by SamuraiBlue (edited May 23 '17 at 10:33 by Community)

  • use `.html_safe` method – uzaif Apr 22 '16 at 09:36

  • .html_safe is the equivalent of using raw. Never use it with user input. – hypern Apr 22 '16 at 09:42

  • I'm confused. So do you want to escape or not? – Sergio Tulentsev Apr 22 '16 at 09:42

  • Do you want to escape it, but allow some characters unescaped? – Vasfed Apr 22 '16 at 09:46

  • Thank you for your quick response and sorry for the unclear question, @Vasfed. As you commented, I think I'd like to allow some characters unescaped. – SamuraiBlue Apr 22 '16 at 09:53

  • Thank you for your quick response and sorry for the unclear question, @Sergio Tulentsev. As Vasfed commented, I think I'd like to allow some characters unescaped. – SamuraiBlue Apr 22 '16 at 09:55

  • `&` has to be escaped as `&amp;`, the `<title>` tag is no exception. If your browser shows `&amp;` literally, you have most likely escaped it twice. BTW, the linked post's title tag is `<title>symfony2 - Symfony 2, Twig: how not to escape field value (used with backbonejs &amp; symfony 2) - Stack Overflow</title>`. – Stefan Apr 22 '16 at 10:45

  • Thank you for your comment, @Stefan. Could it be that it depends on the browser? I use Chrome. – SamuraiBlue Apr 22 '16 at 11:51

1 Answer

    1

    You ask how to avoid escaping, but it sounds like what you really want is for browsers to display "&" instead of "&amp;".

    If you use your browser's "View Source" feature on the page you said looked right, you will see that it begins with:

    <!DOCTYPE html>
    <html itemscope itemtype="http://schema.org/QAPage">
    <head>
    
    <title>symfony2 - Symfony 2, Twig: how not to escape field value (used with backbonejs &amp; symfony 2) - Stack Overflow</title>
    

    Observe that ampersand is entity-encoded as &amp; just the way it "should" be.

    Observe that the document begins with a DOCTYPE declaration. A document that begins with something else will probably trigger the browser's quirks mode for compatibility.

    Use your browser's "View Source" function on your Rails application. Does the document begin with a DOCTYPE declaration? (<!DOCTYPE html> is good.) Does the sequence &amp; appear on its own? (If you see &amp;amp; or similar, you're encoding an already-encoded string.)

    RJHunter
    • Thank you for your comment, @RJHunter. My html begins with ` `. And it shows `foo &amp; bar`. – SamuraiBlue Apr 22 '16 at 21:21
    • If your application is sending "&amp;" to the browser, then your application is escaping something that has already been escaped. For example, maybe the input part of your application HTML-escapes the content before storing it in the database. Later, the display part of your application reads the content from the database and HTML-escapes it for putting in HTML. – RJHunter Apr 22 '16 at 22:58
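
The escape-on-input-then-escape-on-output pattern described in the last comment, reproduced outside Rails as an added example (not code from the question or the answer). `store_escaped`, `store_raw`, `render_title` and `double_escaped?` are hypothetical names, the sample title is constructed, and `ERB::Util.html_escape` stands in for the escaping that `<%= %>` applies in a Rails view.

```ruby
require "erb"

# Constructed sample: a schedule title exactly as a user typed it.
USER_TITLE = "foo & bar <script>"

# Flawed pipeline: the input layer HTML-escapes before storing the value.
def store_escaped(input)
  ERB::Util.html_escape(input)
end

# Correct pipeline: store the text untouched and escape only at output.
def store_raw(input)
  input
end

# Stand-in for <title><%= full_title(yield(:title)) %></title>:
# the template layer escapes whatever string it is handed, once.
def render_title(stored, base_title = "app name")
  "<title>#{ERB::Util.html_escape(stored + " | " + base_title)}</title>"
end

# An entity whose own ampersand was escaped again: &amp;amp; &amp;lt; &amp;#39; ...
# Heuristic only: a user who literally typed "&amp;" also produces this pattern.
DOUBLE_ESCAPED = /&amp;(?:amp|lt|gt|quot|apos|#\d+|#x\h+);/i

def double_escaped?(html)
  html.match?(DOUBLE_ESCAPED)
end

if __FILE__ == $PROGRAM_NAME
  once  = render_title(store_raw(USER_TITLE))
  twice = render_title(store_escaped(USER_TITLE))
  puts once,  "  double-escaped? #{double_escaped?(once)}"
  puts twice, "  double-escaped? #{double_escaped?(twice)}"
end
```

Running the check over the "View Source" output of a page is the programmatic version of the inspection the answer recommends: a single `&amp;` is correct, and the markup in the title stays inert without `raw` or `.html_safe`.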