Ruby编码问题显示电子邮件上的奇怪字符

时间:2014-10-20 16:52:07

标签: ruby-on-rails ruby

我在ruby 1.9.3p545和Rails 3.0.20

我有一份联系表格,当他们填写时我会向用户发送以下电子邮件:

Thank you for your inquiry Beverly,

This email is a receipt to confirm we have received your inquiry and `we'll` be in touch shortly.

我的问题是显示we'll而非显示we'll,我需要做什么才能正确显示消息?

我的控制器创建动作:

  def create
    @inquiry = Inquiry.new(params[:inquiry])

    if @inquiry.save
      if @inquiry.ham?
        begin
          InquiryMailer.notification(@inquiry, request).deliver
        rescue
          logger.warn "There was an error delivering an inquiry notification.\n#{$!}\n"
        end

        begin
          InquiryMailer.confirmation(@inquiry, request).deliver
        rescue
          logger.warn "There was an error delivering an inquiry confirmation:\n#{$!}\n"
        end
      end

      redirect_to thank_you_inquiries_url
    else
      render :action => 'new'
    end
  end

我在refinery-cms上使用它

on app/views/inquiry_mailer/confirmation.html.erb

我有:<%= InquirySetting.confirmation_message(Globalize.locale).gsub("%name%", @inquiry.name) %>

并在精炼设置上有以下电子邮件:

Thank you for your inquiry %name%,

This email is a receipt to confirm we have received your inquiry and we'll be in touch shortly.

非常感谢任何帮助!

1 个答案:

答案 0 :(得分:2)

Rails清理InquirySetting.confirmation_message(Globalize.locale).gsub("%name%", @inquiry.name)字符串。这样做是为了防止服务器呈现可能由用户提供的字符串中的html标签等。否则您的申请将是open to XSS attacks

如果您知道confirmation_message的字符串不是用户可更改的内容,则可以停用Rails&#39; declaring the string as safe的安全机制。通过将模板的内容更改为<%= raw InquirySetting.confirmation_message(Globalize.locale).gsub("%name%", @inquiry.name) %>来实现此目的。

同样,请仅在您信任模板内容的来源时才这样做。

相关问题
最新问题