sanitize_css

sanitize_css(style) Instance Public methods Sanitizes a block of CSS code. Used by sanitize when it comes across a style attribute.

sanitize

sanitize(html, options = {}) Instance Public methods This sanitize helper will html encode all tags and strip all attributes that aren't specifically allowed. It also strips href/src tags with invalid protocols, like javascript: especially. It does its best to counter any tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters. Check out the extensive test suite. <%= sanitize @article.body %> You can add or remove tags/attri

render

render(options = {}, locals = {}, &block) Instance Public methods Returns the result of a render that's dictated by the options hash. The primary options are: :partial - See ActionView::PartialRenderer. :file - Renders an explicit template file (this used to be the old default), add :locals to pass in those. :inline - Renders an inline template similar to how it's done in the controller. :text - Renders the text passed in out. :plain - Renders the text passed in out. S

_layout_for

_layout_for(*args, &block) Instance Public methods Overwrites #_layout_for in the context object so it supports the case a block is passed to a partial. Returns the contents that are yielded to a layout, given a name or a block. You can think of a layout as a method that is called with a block. If the user calls yield :some_name, the block, by default, returns content_for(:some_name). If the user calls simply yield, the default block returns content_for(:layout). The user can o

div_for

div_for(record, *args, &block) Instance Public methods Produces a wrapper DIV element with id and class parameters that relate to the specified Active Record object. Usage example: <%= div_for(@person, class: "foo") do %> <%= @person.name %> <% end %> produces: <div id="person_123" class="person foo"> Joe Bloggs </div> You can also pass an array of Active Record objects, which will then get iterated over and yield each record as an argument for

content_tag_for

content_tag_for(tag_name, single_or_multiple_records, prefix = nil, options = nil, &block) Instance Public methods #content_tag_for creates an HTML element with id and class parameters that relate to the specified Active Record object. For example: <%= content_tag_for(:tr, @person) do %> <td><%= @person.first_name %></td> <td><%= @person.last_name %></td> <% end %> would produce the following HTML (assuming @person is an insta

safe_join

safe_join(array, sep=$,) Instance Public methods This method returns a html safe string similar to what Array#join would return. All items in the array, including the supplied separator, are html escaped unless they are html safe, and the returned string is marked as html safe. safe_join(["<p>foo</p>".html_safe, "<p>bar</p>"], "<br />") # => "<p>foo</p>&lt;br /&gt;&lt;p&gt;bar&lt;/p&gt;" safe_join(["<p>foo&

raw

raw(stringish) Instance Public methods This method outputs without escaping a string. Since escaping tags is now default, this can be used when you don't want Rails to automatically escape tags. This is not recommended if the data is coming from the user's input. For example: raw @user.name # => 'Jimmy <alert>Tables</alert>'

number_with_precision

number_with_precision(number, options = {}) Instance Public methods Formats a number with the specified level of :precision (e.g., 112.32 has a precision of 2 if :significant is false, and 5 if :significant is true). You can customize the format in the options hash. Options :locale - Sets the locale to be used for formatting (defaults to current locale). :precision - Sets the precision of the number (defaults to 3). :significant - If true, precision will be the # of significan

number_with_delimiter

number_with_delimiter(number, options = {}) Instance Public methods Formats a number with grouped thousands using delimiter (e.g., 12,324). You can customize the format in the options hash. Options :locale - Sets the locale to be used for formatting (defaults to current locale). :delimiter - Sets the thousands delimiter (defaults to ","). :separator - Sets the separator between the fractional and integer digits (defaults to "."). :raise - If true, raises InvalidNumberError w