
How do I encode/decode HTML entities in Ruby?

Tags: ruby, html-entities, html-parsing, ruby-gem
by Anton Shumikhin · Dec 2, 2024
TLDR

To encode HTML entities in Ruby, use CGI.escapeHTML(). It transforms the characters that have meaning in HTML, <, >, & and the quote characters " and ', into their corresponding encoded entities: &lt;, &gt;, &amp;, &quot; and &#39;.

```ruby
require 'cgi'
encoded = CGI.escapeHTML('<script>alert("Hi!")</script>')
# => "&lt;script&gt;alert(&quot;Hi!&quot;)&lt;/script&gt;"
# No more "Hi!" for Mr. Script! It's encoded now
```

To decode these entities back to the original characters, use CGI.unescapeHTML().

```ruby
require 'cgi'
decoded = CGI.unescapeHTML('&lt;script&gt;alert("Hi!")&lt;/script&gt;')
# => "<script>alert(\"Hi!\")</script>"
# Mr. Script woke up from the matrix, He is decoded and says "Hi!"
```

Escaping with CGI.escapeHTML() before interpolating untrusted text into markup keeps that text from being interpreted as HTML, and CGI.unescapeHTML() turns the entities back into the original characters when you need the text itself.
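An added example (not code from the original post) that puts the two CGI methods to work the way a view layer would: each untrusted value is escaped once at output time into a fixed template, the round trip is checked, and the double-escaping pitfall is made visible. The render_comment, escape_table, round_trip and double_escaped? names and the comment-form inputs are constructed for this example.

```ruby
require 'cgi'

# Escape each untrusted value before interpolating it into a fixed, trusted
# HTML template (example helper, not part of the original post).
def render_comment(author, body)
  "<p class=\"comment\"><b>#{CGI.escapeHTML(author)}</b>: #{CGI.escapeHTML(body)}</p>"
end

# Table of what CGI.escapeHTML does to each of the five characters it handles.
def escape_table
  %w[& < > " '].to_h { |c| [c, CGI.escapeHTML(c)] }
end

# Escape then unescape gives the original string back, for any input.
def round_trip(str)
  CGI.unescapeHTML(CGI.escapeHTML(str))
end

# Escaping twice does not add safety; it produces &amp;lt; and the browser
# shows the literal text "&lt;". Escape exactly once, at output time.
def double_escaped?(str)
  CGI.escapeHTML(CGI.escapeHTML(str)) != CGI.escapeHTML(str)
end

if $PROGRAM_NAME == __FILE__
  # Constructed inputs, shaped like a comment-form submission.
  author = 'Mr. Script'
  body   = '<script>alert("Hi!")</script> & "friends"'
  puts render_comment(author, body)   # entities in the markup, no live <script>
  p escape_table
  p round_trip(body) == body          # true
  p double_escaped?('<b>')            # true: a second pass mangles the first
end
```

The point of escape_table is that the apostrophe comes out as the numeric reference &#39; rather than a named one; that matters if something downstream only knows the four "classic" named entities.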

Extend your magic wand (Extra Tools)

Chasing the rabbit further down into the HTML encoding-decoding wonderland, Ruby presents an armory of other useful tools. So let's shuffle the deck:

Rails Spells

For the Rails wizards out there, you've got some neat spells up your sleeve: the 'h' method for encoding, and the 'raw' method for outputting an already-encoded string as-is (it marks the string html_safe instead of encoding it again), so the browser displays the decoded text.

```erb
<%# In a Rails view %>
<%= h '<script>alert("Hi!")</script>' %>
<%# => &lt;script&gt;alert(&quot;Hi!&quot;)&lt;/script&gt; %>
<%# Abracadabra! Your unsafe string is now safe! %>

<%= raw '&lt;script&gt;alert("Hi!")&lt;/script&gt;' %>
<%# HTML source: &lt;script&gt;alert("Hi!")&lt;/script&gt; (emitted unchanged, marked html_safe) %>
<%# The browser displays it as the text <script>alert("Hi!")</script>. Presto change-o! %>
```

Ah, the magic of Rails, providing "spells" for preventing XSSicious wartrolls (or XSS attacks) in your kingdom (web app).
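An added example, not from the original post and not Rails code: the standard library's ERB stands in for a Rails view so the two spells can be run without Rails installed. Plain ERB does not escape <%= %> output, which is exactly what Rails' raw opts into for one value, and ERB::Util.html_escape is the method the Rails h helper wraps. The render_escaped, render_raw and script_injected? names are constructed for this example.

```ruby
require 'erb'

# Stand-in for <%= h payload %>: the value is escaped on the way out.
ESCAPED_VIEW = ERB.new('<p><%= ERB::Util.html_escape(payload) %></p>')
# Stand-in for <%= raw payload %>: plain ERB emits the value unchanged.
RAW_VIEW     = ERB.new('<p><%= payload %></p>')

def render_escaped(payload)
  ESCAPED_VIEW.result_with_hash(payload: payload)
end

# The string goes into the response as-is, so entities it already contains
# stay entities (the browser shows them as text), and markup stays markup.
def render_raw(payload)
  RAW_VIEW.result_with_hash(payload: payload)
end

# True when the response contains a script element, i.e. the value reached
# the page as markup rather than as text.
def script_injected?(html)
  html.match?(%r{<script\b}i)
end

if $PROGRAM_NAME == __FILE__
  # Constructed inputs: one raw, one already escaped by an earlier step.
  untrusted = '<script>alert("Hi!")</script>'
  escaped   = '&lt;script&gt;alert("Hi!")&lt;/script&gt;'
  puts render_escaped(untrusted)  # entities in the source; browser shows the text
  puts render_raw(escaped)        # unchanged; browser shows the same text
  puts render_raw(untrusted)      # unchanged too: a live <script> in the page
end
```

The third call is the one to watch for in review: raw never "decodes", it only promises Rails that the string is already safe, so applying it to a value that was never escaped hands the page to the value.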

Nokogiri, the friendly parsing giant

Meet friendly giant Nokogiri, our trusty ally when it comes to any scale of HTML parsing. He’s burly but gentle, even beyond CGI boundaries.

```ruby
require 'nokogiri'
doc = Nokogiri::HTML.parse("&lt;div&gt;Hello World&lt;/div&gt;")
puts doc.text
# => <div>Hello World</div>
# The entities are decoded into literal text; because they were entities
# rather than tags, the <div> is not parsed as markup.
# Giant Nokogiri flexes his parsing muscles, effortlessly wrestling HTML entities.
```

Nokogiri decodes entities as part of parsing, so the text you extract from a parsed document already contains the original characters.

It's a gem, it's a reference, it’s HTMLEntities!

When it comes to HTML entity handling with extra power, the specially curated HTMLEntities gem has got your back, offering a rich set of features for dealing with named, decimal, and hex references.

```ruby
require 'htmlentities'
coder = HTMLEntities.new
encoded = coder.encode("<div>Hello World</div>")
# => "&lt;div&gt;Hello World&lt;/div&gt;"
decoded = coder.decode("&lt;div&gt;Hello World&lt;/div&gt;")
# => "<div>Hello World</div>"
# coder.encode(str, :named), :decimal or :hexadecimal picks the reference style.
# "It's a bird, It's a plane, No, it's HTMLEntities swooping in to save the day!"
```

Keep up the spirit, and the speed (Enhancements and Tricks)

Advancing on our magical journey in Ruby land, here are some of the secret scrolls you can learn about:

Choosing your Spellbook (Dependencies)

Tripping on a gem isn't always a pleasant experience. Verify that your chosen gems are sterling by:

  • Checking the activity level of maintenance and community reviews.
  • Ensuring they are not infamous for security vulnerabilities.
  • Confirming their compatibility with the rest of your magical artifacts (other gems).

Beware of the Cursed Scrolls (Edge Cases)

Stay vigilant against the cursed scrolls and always be ready for:

  • Incomplete or corrupted HTML: Will your spell still work?
  • Non-standard entities: Does your spell recognize all entities you need to vanquish?
  • Performance: How fast will your spell execute when up against hordes of texts?
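An added example, not from the original post, that serves both the edge-case list above and the HTMLEntities section: a small probe that runs a decoder against corrupted input, non-standard entities and a double-encoded string before you trust it. It takes any callable, so CGI.method(:unescapeHTML) from the standard library runs here, and HTMLEntities.new.method(:decode) is an assumed alternative if that gem is installed (not run here). The PROBES table, probe_decoder, decoder_gaps and decode_throughput are constructed for this example.

```ruby
require 'cgi'
require 'benchmark'

# Constructed probes: [input, expected decoded output].
PROBES = {
  basic_named:  ['&lt;b&gt;',              '<b>'],
  decimal:      ['&#60;b&#62;',            '<b>'],
  hex:          ['&#x3c;b&#x3E;',          '<b>'],
  apostrophe:   ['&#39;',                  "'"],
  html5_named:  ['a&nbsp;b',               "a\u00A0b"],
  # Corrupted input (no terminating ';'): a decoder should leave it alone.
  unterminated: ['&lt b',                  '&lt b'],
  # A decoder that re-scans its own output would turn this into <script>;
  # decoding must happen exactly once.
  no_rescan:    ['&amp;lt;script&amp;gt;', '&lt;script&gt;']
}.freeze

# Run every probe through `decoder` (any callable taking and returning a String).
def probe_decoder(decoder)
  PROBES.transform_values do |input, expected|
    actual = decoder.call(input)
    { expected: expected, actual: actual, ok: actual == expected }
  end
end

# Names of the probes the decoder did not handle as expected.
def decoder_gaps(decoder)
  probe_decoder(decoder).reject { |_, r| r[:ok] }.keys
end

# Decodes per second over a repeated sample, for the "hordes of texts" question.
def decode_throughput(decoder, sample, repetitions)
  t = Benchmark.realtime { repetitions.times { decoder.call(sample) } }
  repetitions / t
end

if $PROGRAM_NAME == __FILE__
  cgi_decoder = CGI.method(:unescapeHTML)
  probe_decoder(cgi_decoder).each { |name, r| puts "#{name}: #{r[:ok] ? 'ok' : 'GAP'} (#{r[:actual].inspect})" }
  puts "gaps: #{decoder_gaps(cgi_decoder).inspect}"   # [:html5_named]
  puts "decodes/s: #{decode_throughput(cgi_decoder, '&lt;b&gt;', 10_000).round}"
end
```

CGI.unescapeHTML passes everything except html5_named: it knows the five basic entities and numeric references, leaves unterminated references untouched and decodes in a single pass, but it will not turn &nbsp; into a non-breaking space. That is the gap the HTMLEntities gem fills, and the same probe tells you whether the gem you picked closes it without opening the double-decoding one.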

Fantastic Helpers and Where to Find Them

In the mystic Rails forest, keep your eyes open for the helpers lurking around. Use the HTML helpers and the sanitize method to keep the boggarts (untrusted HTML strings) at bay.