Don't call gsub on safe strings

Updated . Posted . Visible to the public.

Calling #gsub on a string that was previously marked as #html_safe will lead to unexpected behavior. E. g. backreferences to captured groups ($1, $2) will be nil even if the group was matched.

There is no universal workaround available since you can't expect #html_safe strings Show archive.org snapshot to still be safe after using gsub on them.

You can, however, fix the $1 gsub behavior on html_safe strings.

Henning Koch
makandra.de
Say thanks3
Last edit
License
Source code in this card is licensed under the MIT License.

Related cards:

Don't call #node on a Capybara element

Capybara allows you to select DOM elements, e.g. by using field, find_field(...) or field_labeled(...):

role_select = field_labeled('Role')

In the example above, role_select is now a Capybara::Driver::Node. You can call a [number o...

Don't mix Array#join and String#html_safe

You cannot use Array#join on an array of strings where some strings are html_safe and others are not. The result will be an unsafe string and will thus be escaped when rendered in a view:

unsafe_string = '<span>foo</span>'
safe_string...

How to fix gsub on SafeBuffer objects

If you have an html_safe string, you won't be able to call gsub with a block and match reference variables like $1. They will be nil inside the block where you define replacements ([as you already know](https://makandracards.com/makandra/2...

Don't use PDFKit v0.5.4 – it breaks on dead urls

When I upgraded from 0.5.4 PDFKit deadlocked or crashed when an ApplicationController::RouteError occured. If this error happens only because of a broken image link you probably still wan't the page to render and get a PDF with a "missing image pl...

Don't forget: Automatically remove join records on has_many :through associations

Bad

# Given the following models

class Image < ActiveRecord::Base
  has_many :album_images
  has_many :albums, through: :album_images
end

class Album < ActiveRecord::Base
  has_many :album_images
  has_many :images, through: :album_i...

Gem development: When your specs don't see dependencies from your Gemfile

When you develop a gem and you have a Gemfile in your project directory, you might be surprised that your gem dependencies aren't already required in your specs. Here is some info that should help you out:

  • Bundler actually doesn't automatical...

Don't assign time values to date attributes

Do not pass times to date attributes. Always convert times to dates when your application uses time zones.

Background

A time-zoned Time attribute on a Rails record is converted to UTC using to_s(:db) to be stored, and converted back into t...

RubyMine: You can disable inspections you don't care about

When you find yourself constantly ignoring a RubyMine warning, you can simple disable that warning and de-clutter your editor. E.g. in my Cucumber scenarios RubyMine underlines 90% of all lines because it does not know about [spreewald](https://gi...

Rails: When defining scopes with class methods, don't use `self`

Sometimes it is useful to define a named scope by implementing a static method with the scope's name on the scoped class. For instance, when a method should decide which existing scope should be the next link in the scope chain. Take this class fo...

Touch devices don't have mouseover events

It might sound trivial, but there is no such thing as a "hover" or "mouseover" state on touch devices. If your application is supposed to work on iPads, smartphones, etc., don't hide information behind a tooltip, and don't make controls appear whe...

Posted by Henning Koch to makandra dev (2011-10-17 13:46)
This website uses short-lived cookies to improve usability.
or learn more