search

jorgemanrubia / truncato

A tool for truncating HTML strings efficiently
MIT License
59 stars 17 forks source link

Breakpoint and tail with HTML #11

Open caiotarifa opened 10 years ago

caiotarifa commented 10 years ago

Hey guys. I'm using truncato with a Rails 4 application. My needs are a bit different from the goal of gem, so I created a helper:

def truncate_html(content, breakpoint, options={})
  max_length = content.split(breakpoint)[0].length
  CGI.unescapeHTML(Truncato.truncate(content, options.merge(max_length: max_length)))
end

And I'm using like this:

<%= truncate_html(post.content, "<!--more-->", tail: link_to("Read more...", post_path(post))).html_safe %>

As can you see, I needed to crop text in the <!--more--> comment, like Wordpress. I believe it is an interesting feature to implement, what do you think?

My other problem is related to tags on tail. I tried to put a link, but it returned encoded HTML. So, I need use CGI.unescapeHTML to fix it.

Is there a better solution to do this?

jorgemanrubia commented 10 years ago

Hi @caiotarifa,

Sorry for the long delay in my response. I think the breakpoint thing is out of the scope of this gem. I see that as too application-specific as to add a new option for it.

Regarding admitting an HTML tail, it does make sense. If you want to prepare a PR I would be willing to merge it.

Thanks for your feedback

caiotarifa commented 10 years ago

Sure, thank you for your attention. Unfortunately I don't feel technically prepared to cooperate, but I'll try. I promise. :)

matheusca commented 10 years ago

@jorgemanrubia Hello! I'm cowork with @caiotarifa.

I'm willing to help you about this. Do you think better solution it's use CGI.unescapeHTML?

jorgemanrubia commented 10 years ago

Thanks. I haven't tried, but did you try link_to().html_safe for the tail? I think that might fix the issue here without having to touch the library.

If we need to unescape the tail in the source I'd try to do it once (when the tail is initialized). I would avoid escaping the whole truncated result as in the example above.

bradlis7 commented 7 years ago

@jorgemanrubia html_safe does not work on the tail. That's a rails thing, and this project is meant for any ruby I believe. I know this is an old issue, but I was trying to use HTML here as well.

fongfan999 commented 1 year ago

Hey there, I also have the same issue with HTML in :tail. I did try with html_safe but it didn't work, using CGI.unescapeHTML will expose XSS vulnerabilities.

Is there any workaround solution for this? By the way, thank you very much for making a precious gem.