Rails 3 does not render HTML as markup

I submitted a form, to create single row in SQL database table, as a blog entry:

<p>This is a paragraph.</p>

And the result, when I query it out for display, via Rails's ActiveRecord, it rendered like this, :

<p>This is a paragraph.</p>

a开发者_JS百科nd here's the code, when I view source in browser:

<p>This is a paragraph.</p>

How do I solve this? Or I just have to convert the < and > by Javascript?

Thank you :)

What is happening is that the string is being HTML-escaped.

You could use html_safe to not escape the string when it is rendered. For example, <%= post.paragraph.html_safe %>.

But of course, that is not recommended in case you allowed the form to store (unrestricted) HTML in the first place, it could contain for example malicious JavaScript (eg for XSS). Needless to say that's extremely bad practice.

Important Note You should ensure that the HTML contains a whitelist of allowed HTML tags before using html_safe on any HTML. Additionally you might want to enforce the whitelist even when saving the form's contents (Note that enforcing whitelisting while saving is not a substitute for enforcing whitelisting when displaying the content!).

You might want to make a start by this StackOverflow's own "rules".