html validation xhtml user-input escaping

Escaping ampersands input by users through text fields?

Like almost all apps today, I have users who enter various information through standard text inputs. My app is running on Rails.

It's a no-brainer to escape ampersands that I include as part of the site copy, etc. But how do I escape an ampersand that is dynamically input by a user? Currently, it's breaking my frontend validation.

Solution

When you display the values you need to replace certain characters with HTML entities. Those characters are:

& : &amp;
< : &lt;
> : &gt;
" : &quot;

Perhaps there is a HtmlEncode function that you can use for that, otherwise you can use plain string operations. Pseudo code:

output replace(replace(replace(replace(text, "&", "&amp"), "<", "&lt;"), ">", "&gt;", """", "&quot;")

Edit:
I found that you can use the html_escape() function:

<%=html_escape @text%>

Or short:

<%=h @text%>

My custom CSS transition animation is not working on hover after I added AOS JS library
How to set data attributes in HTML elements
How to get "Results per Row" (from a 'clicked entry' off a "dropdown menu") to show up correctly?
How to reduce the size of an ASCII text art picture
How to trigger SVG render same as manual DOM edit in Chrome using JS?
Set element width based on a string that is not in the element
Where are the trailing commas coming from in these radio buttons?
100vh height when address bar is shown - Chrome Mobile
Capture selected option returns not defined instead
Adjust navbar minimum height depending on screen width
How to remove extra width from my website?
Why doesn't backgroundColor=rgb(a,b,c) work?
How to put json variable directly into DIV Class
On hover the div inside button reduces height to give animation and little dark bottom. But text also moving up how to fix not move text
WOW jquery slider
Reduce the frequency of geolocation watchPosition calls
Why should HTML elements (input, textarea, and select) have associated labels?
Why ngModel doesn't works on the last version of Angular 17?
How to make an element's background-color a little darker using CSS
How do I clear the content of a div using JavaScript?
How do I display images from Google Drive on a website?
Tailwind h-screen doesn’t work properly on mobile devices
Edit icon in mobile view missing
Sticky header input scrolls on input
Image not loading on local site I made
React error in index.js, "Uncaught ReferenceError: dom is not defined"
Make the mix-blend-mode on a sticky navbar ignore certain elements while scrolling down
How to prevent bleach from escaping > (blockquote) tag used in Markdown
Why is the input bar spilling slightly on the right side of the container?
Method to show native datepicker in Chrome