8

I am using the prawn gem to generate PDF reports.

`@user.description` returns the string `"<b>sample text</b> &nspb; <p>sample text</p>"`

while appending values to the PDF table:

```ruby
pdftable = Prawn::Document.new
pdftable.table([["#{@user.description}"]],
         :column_widths => {0 => 50, 1 => 60, 2 => 280, }, :row_colors => ["ffffff"])
```

In this case the generated PDF has content with HTML tags; I even tried applying html_safe, but it is not escaping the tags.

Is it possible to use/apply html_safe inside a prawn pdftable, in order to escape HTML tags?

skolima
lamrin
  • What is showing up in the PDF, exactly, and what do you want to show up instead? – Michelle Tilley Jan 04 '12 at 07:00
  • In the PDF it's showing up "sample text &nspb; sample text"; instead it should be only text, i.e. "Sample text sample text"; html_safe should be applied. – lamrin Jan 04 '12 at 08:15
  • Sorry, but that's not what `html_safe` does--it simply tells Rails that the string should not be escaped when used in a view. Check out [this question](http://stackoverflow.com/questions/7414267/strip-html-from-string-ruby-on-rails) for a solution. – Michelle Tilley Jan 04 '12 at 08:27
  • How can one make html_safe work in a controller, or is there any alternate method for this? – lamrin Jan 04 '12 at 08:35
  • Did you try all the same, but without quotation marks? `pdftable.table([[@user.description.html_safe]] ...` – alony Jan 04 '12 at 08:53

2 Answers

6

Once again, html_safe is not the method you should be using; it doesn't do what you think it does. All html_safe does is mark the string as safe, thus telling Rails that it does not need to escape it in a view. When using Prawn it would have no effect.

What it sounds like you want to do is not escape HTML, but strip HTML tags from the string. Rails has an HTML sanitizer in ActionView::Helpers::SanitizeHelper, but by default it allows certain tags; you can turn this behavior off using the tags attribute.

```ruby
class MyClass
  include ActionView::Helpers::SanitizeHelper

  def remove_html(string)
    sanitize(string, :tags => {}) # empty tags hash tells it to allow no tags
  end
end

obj = MyClass.new
obj.remove_html "<b>sample text</b> &nspb; <p>sample text</p>"
# => "sample text &nspb; sample text"
```

You can include ActionView::Helpers::SanitizeHelper in your controller to get access to the sanitize method.

Note that the &nbsp; is still in the string; if you want to remove these HTML entities, you'll need to use some other method; the HTMLEntities gem is one such method:

```
[1] pry(main)> require 'htmlentities'
=> true
[2] pry(main)> coder = HTMLEntities.new
=> #<HTMLEntities:0x007fb1c126a910 @flavor="xhtml1">
[3] pry(main)> string = "sample text &nbsp; sample text"
=> "sample text &nbsp; sample text"
[4] pry(main)> coder.decode string
=> "sample text   sample text"
```

(note that in your example, the text says &nspb; instead of &nbsp;).

Michelle Tilley
  • Thanks a lot, it helped me to a little extent, but still some of the tags generated from one of the HTML editors, TinyMCE, are not being converted to actual text with htmlentities. But it works really well when I use raw or html_safe in the view. – lamrin Jan 05 '12 at 11:49
3

If you are looking for a way to use prawn's inline format, then you could also do as follows:

```ruby
pdftable = Prawn::Document.new
# make_cell is a Prawn::Document method, so call it on the document object
cell = pdftable.make_cell(content: "#{@user.description}", inline_format: true)
pdftable.table([[cell]])
```
marthoff
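Both answers leave open what to do with markup a rich-text editor produces beyond `<b>` and `<p>`. The following is an added example, not code from either answer: it converts such HTML into text for a cell using `inline_format: true` by allowlisting a few emphasis tags, dropping every other tag together with its attributes, and escaping the remaining text. The tag mapping, the entity table and the function names are assumptions of this example; it uses only core Ruby.

```ruby
# Tag allowlist (this example's choice): emphasis tags map to Prawn inline tags.
INLINE_TAGS = { 'b' => 'b', 'strong' => 'b', 'i' => 'i', 'em' => 'i', 'u' => 'u' }.freeze
# Block-level tags become line breaks; every other tag is dropped with its attributes.
BLOCK_TAGS = %w[p br div li].freeze
# Small constructed entity table; unknown references are left as literal text.
NAMED_ENTITIES = { 'amp' => '&', 'lt' => '<', 'gt' => '>', 'quot' => '"',
                   'apos' => "'", 'nbsp' => ' ' }.freeze
# A tag, a run of text, or a stray "<" that does not start a tag.
TOKEN = %r{<(/?)([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>|([^<]+)|(<)}

# Single pass, so "&amp;lt;" decodes to the text "&lt;" and not to "<".
def decode_entities(text)
  text.gsub(/&([a-zA-Z]+);/) { |m| NAMED_ENTITIES.fetch(Regexp.last_match(1), m) }
end

# Prawn's inline format reads &lt; &gt; &amp; as literal characters.
def escape_for_prawn(text)
  text.gsub('&', '&amp;').gsub('<', '&lt;').gsub('>', '&gt;')
end

# Returns markup for a cell created with inline_format: true.
def to_prawn_inline(html)
  out = +''
  html.scan(TOKEN) do |closing, name, text, stray|
    if name
      tag = name.downcase
      if INLINE_TAGS.key?(tag)
        out << "<#{closing}#{INLINE_TAGS[tag]}>"
      elsif BLOCK_TAGS.include?(tag)
        out << "\n"
      end
    else
      out << escape_for_prawn(decode_entities(text || stray))
    end
  end
  out.gsub(/[ \t]*\n\s*/, "\n").strip
end

# Plain-text variant for cells rendered without inline_format.
def to_plain_text(html)
  decode_entities(to_prawn_inline(html).gsub(%r{</?[biu]>}, ''))
end

# Constructed sample, modelled on the question's string.
SAMPLE = '<b>sample text</b> &nbsp; <p>sample text</p>'
puts to_prawn_inline(SAMPLE)
puts to_plain_text(SAMPLE)
```

Text inside dropped elements is kept as text, and a misspelled entity such as the question's `&nspb;` is printed literally rather than guessed at.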