How do I URL-escape a string in Rails?

Question

If I'm in an RHTML view in Rails, it is easy to URL-escape something:

<a href="/redirect?href=<%=u target %>">Foo</a>

How do I do this in a string? I'd like to do something like this:

<% redirect_href = "/redirect?#{url_escape target}&amp;foo=bar&amp;baz=some_other_stuff" -%>
<a href="<%= redirect_href =>">Foo</a>

This must be trivial, right?

Ernest · Answer 1 · 2016-07-28T14:33:50.720

75

Rails (activesupport) defines Hash#to_param (aliased to Hash#to_query):

 {foo: 'asd asdf', bar: '"<#$dfs'}.to_param
 # => "bar=%22%3C%23%24dfs&foo=asd+asdf"

It's worth noting that it sorts query keys (for HTTP caching).

Hash#to_param also accepts optional namespace parameter:

{name: 'David', nationality: 'Danish'}.to_param('user')
# => "user[name]=David&user[nationality]=Danish"

edited Jul 28 '16 at 14:33

answered Nov 29 '12 at 13:04

Ernest

5

Seems like it's turning spaces into `+` not `%20` `>> {y: "blah blah"}.to_query` outputs `"y=blah+blah"` – cdmo May 16 '19 at 12:17

score 75 · Accepted Answer · edited May 29 '13 at 17:49

75

CGI.escape will do it:

<% redirect_href = "/redirect?#{CGI.escape target}&amp;foo=bar&amp;baz=some_other_stuff" -%>
<a href="<%= redirect_href =>">Foo</a>

edited May 29 '13 at 17:49

Tom Harrison

answered May 19 '11 at 11:56

Josh Glover

15

`CGI.escape` is not the best thing, as it encodes space as '+' which is deprecated and not always parses correctly on the other side. For example, if you have Rails route "/my-path/:query" where query includes '+', it will stay as '+' after route parsing. To make it work better, use `ERB::Util.u(string)`, which escapes space as "%20". – Kaplan Ilya Oct 01 '17 at 09:32
1

To give an example of the issue with CGI.escape, a link like `link_to("hi", "mailto:foo@bar.com?body=#{CGI.escape("one two")}")` would give you the mail body "one+two" in Apple's desktop Mail.app. – Henrik N Nov 22 '19 at 13:54

Viktor Trón · Answer 3 · 2013-02-10T11:59:21.550

43

can be used from anywhere, part of ruby std lib.

edited Feb 10 '13 at 11:59

answered Feb 09 '13 at 11:19

Viktor Trón

You need this one if you want spaces to be represented as `%20` – Toby 1 Kenobi Jun 15 '22 at 22:58

score 11 · Answer 4 · edited May 23 '17 at 11:46

11

Use either CGI::escape or ERB::Util.url_encode but not URI.encode.

edited May 23 '17 at 11:46

Community

answered Sep 27 '13 at 20:04

thekingoftruth

4 Answers4