Rails: Create a Report System in Rails

i'm trying to adapt my messages system in order to be able to use it to send reports to users. For instance, a user might finish a job and he will then receive a private message as a report for that.

The problem is storing the report to my database. A report is not just text. It can have links, or even user generated data, that was previously stored in the db.

My idea was using render_to_strin开发者_StackOverflowg to render a view to a variable and then store it to the database as a new message. However, user generated data and links are a problem, because they are not escaped. Ideally, html tags like

should not be escaped, as well as link_to's. However, if there is a <%= user.username %> somewhere in the report, this one should be escaped.

I'm a bit stumbled with that. Do you know of an efficient way to do it ?

Generally anything that's in HTML mode you can escape with:

<%= h(user.username) %>

This is the simple "render safe HTML" helper method available to all views. Plain-text does not need to be escaped the same way.