
Rails 3: User input escaping working differently in views and mailer


I'm using the following set of code in both my views and the mailer:

<%= simple_format(auto_link(h(user_input))) %>

I begin by calling html_safe (h) on the user_input, in order to escape any dangerous code. I then call auto_link to enable any links in their input, and then I call simple_format to enable line breaks and such.

This works perfectly in my view, and properly displays the following, fully escaped, yet with a working link:

" http://google.com "

However, when the exact same is displayed in an ActionMailer email, I'm seeing all of the special characters, including my autolink, doubly escaped (the &amp;quot;, for example, doesn't display correctly as a result):

&amp;quot; &lt;a href=3D&quot;http://google.com&quot;&gt;http://google.=com&lt;/a&gt; &amp;quot;

For some reason, I need to re-mark it as html_safe again to get it working:

<%= simple_format(auto_link(h(user_input))).html_safe %>

This correctly outputs:

&quot; <a href=3D"http://google.com">http://google.com</a> &quot;

Any ideas on why ActionView and ActionMailer treat the same code differently?


Solution

  • If you call simple_format from the email template (to render out line breaks), the behavior you get is terribly unusual, and it turns out this helper is overwritten with a private method.

    Anyways, you can access simple_format in the email template by using this hack:

    ApplicationController.helpers.simple_format(auto_link(h(user_input)))

    Hopefully in another rails release this will be fixed.
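A small pure-Ruby model of the behaviour discussed in the question and the answer, added here as an example (it is not code from the question, the answer, or Rails itself): a SafeBuffer-style string that carries a "safe" flag, an h that escapes untrusted text, an erb_output standing in for what <%= %> does, and two versions of simple_format, one returning a safe buffer as the view helper does and one returning a plain String, as the answer describes for the shadowed helper in a Rails 3.0 mailer view. The helper names mirror the Rails ones but are simplified reimplementations, and the sample inputs are constructed.

```ruby
require 'cgi'

# Model of Rails' SafeBuffer: a String that remembers it is already escaped
# (or explicitly trusted), so the template engine will not escape it again.
class SafeBuffer < String
  def html_safe?
    true
  end
end

class String
  def html_safe?
    false
  end

  # Mark a string as trusted markup (model of ActiveSupport's String#html_safe).
  def html_safe
    SafeBuffer.new(self)
  end
end

# h / html_escape: escape plain strings, pass through strings already marked safe.
def h(text)
  text.html_safe? ? text : CGI.escapeHTML(text.to_s).html_safe
end

# What <%= %> does in Rails 3: escape the result unless it is marked html_safe.
def erb_output(value)
  value.html_safe? ? value.to_s : CGI.escapeHTML(value.to_s)
end

# Simplified auto_link: wrap bare http(s) URLs in anchor tags. The input is expected to be
# escaped already; the helper marks its result safe because it only adds its own markup.
def auto_link(text)
  text.to_s.gsub(%r{https?://[^\s<"&]+}) { |url| %(<a href="#{url}">#{url}</a>) }.html_safe
end

# simple_format as it behaves in a view: paragraphs and <br />, returned as a safe buffer.
def simple_format_view(text)
  paragraphs = text.to_s.split(/\n{2,}/).map { |p| "<p>#{p.gsub(/\n/, '<br />')}</p>" }
  paragraphs.join("\n").html_safe
end

# simple_format as the answer describes it inside a Rails 3.0 mailer view: the real helper
# is shadowed and the template receives the same markup as a plain, unmarked String.
def simple_format_mailer(text)
  String.new(simple_format_view(text))
end

USER_INPUT = %(" http://google.com ")          # constructed, mirrors the question
HOSTILE_INPUT = %(<b>bold</b> http://example.com) # constructed, carries its own markup

# View: h escapes once, every later helper keeps the safe mark, <%= %> leaves it alone.
def render_in_view
  erb_output(simple_format_view(auto_link(h(USER_INPUT))))
end

# Mailer: the plain String coming back from simple_format is escaped a second time.
def render_in_mailer
  erb_output(simple_format_mailer(auto_link(h(USER_INPUT))))
end

# The workaround from the question: re-mark the helper output as safe.
def render_in_mailer_fixed
  erb_output(simple_format_mailer(auto_link(h(USER_INPUT))).html_safe)
end

# The caveat: the workaround is only acceptable because h ran on the raw input first.
# Dropping h and still calling .html_safe lets the user's own markup through untouched.
def render_unescaped_marked_safe
  erb_output(simple_format_mailer(auto_link(HOSTILE_INPUT)).html_safe)
end

if __FILE__ == $PROGRAM_NAME
  puts "view:          #{render_in_view}"
  puts "mailer:        #{render_in_mailer}"
  puts "mailer fixed:  #{render_in_mailer_fixed}"
  puts "without h:     #{render_unescaped_marked_safe}"
end
```

The model reproduces the symptom: the double escaping happens at <%= %>, once the helper result has lost its html_safe mark, so appending .html_safe restores the single-escaped output. It also shows why the `h` call must stay in the chain: `.html_safe` asserts trust in everything before it, and without the earlier escaping the user's own tags reach the rendered email. The `=3D` in the question's mailer output is quoted-printable transfer encoding of the message body (`=` encoded), not HTML escaping, and is unrelated to the SafeBuffer issue.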