Ruby on Rails CSV 将“"”而不是实际的报价

发布于 2024-09-26 17:42:55 字数 1352 浏览 4 评论 0原文

我正在尝试生成 CSV 文件。除了空白字段之外，一切都很好，我不太确定是否有 "" 而不是实际的引号。我提供了用于生成文件和一些输出的代码。

<% headers = ["Username", "Name", "E-mail", "Phone Number"] %>
<%= CSV.generate_line headers %>

<% @users_before_paginate.each do |user| %>
  <% row = [ "#{user.username}".html_safe ] %>
  <% row << "#{user.profile.first_name} #{user.profile.last_name}".html_safe unless user.profile.blank? %>
  <% row << "#{user.email}".html_safe unless user.profile.nil? %>
  <% row << "#{user.profile.phone}".html_safe unless user.profile.nil? %>
  <%= CSV.generate_line row %>
<% end %>

输出

Username,Name,E-mail,Phone Number

  admin,LocalShopper ,[email protected],&quot;&quot;
  Brian,Oliveri Design ,[email protected],727-537-9617
  LocalShopperJenn,Jennifer M Gentile ,[email protected],&quot;&quot;

原文

I am attempting to generate a CSV file. Everything is fine except for blank fields, I'm not quite sure have "" instead of actual quotes. I've provided the code I'm using to generate the file and some output.

<% headers = ["Username", "Name", "E-mail", "Phone Number"] %>
<%= CSV.generate_line headers %>

<% @users_before_paginate.each do |user| %>
  <% row = [ "#{user.username}".html_safe ] %>
  <% row << "#{user.profile.first_name} #{user.profile.last_name}".html_safe unless user.profile.blank? %>
  <% row << "#{user.email}".html_safe unless user.profile.nil? %>
  <% row << "#{user.profile.phone}".html_safe unless user.profile.nil? %>
  <%= CSV.generate_line row %>
<% end %>

Output

Username,Name,E-mail,Phone Number

  admin,LocalShopper ,[email protected],""
  Brian,Oliveri Design ,[email protected],727-537-9617
  LocalShopperJenn,Jennifer M Gentile ,[email protected],""

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

病女 2024-10-03 17:42:55

不要在数组的每个部分调用 html_safe，然后从中创建一个新的（非 html 安全）字符串，而是尝试在从 generate_line 返回字符串之后在末尾调用它

<%= CSV.generate_line(row).html_safe %>

： >更新：为了安全起见，您需要确保此模板不是作为 HTML 发送到浏览器，而是作为原始 text/csv 文件发送到浏览器。如果行内容包含任何实际的 HTML 标记，如

如果这个内容需要在HTML页面中输出，那么你最好考虑正确的转义，而不是像这样绕过它。

考虑一下您是否确实需要 html.erb 模板来生成 CSV。

Instead of calling html_safe on each part of the array and then making a new (non-html-safe) string from it, try calling it at the end, after the string is returned from generate_line:

<%= CSV.generate_line(row).html_safe %>

UPDATE: For security, you need to be sure that this template is not being sent to the browser as HTML, but a raw text/csv file. If the row content contains any actual HTML tags like <script>, these would not get escaped, because you've declared the output as "safe".

If this content needs to be output within an HTML page, then you'd better consider correct escaping instead of bypassing it like this.

Consider if you really need a html.erb template for generating CSV.

回复收藏 0 原文

所有深爱都是秘密 2024-10-03 17:42:55

这是我使用过的一个效果很好的模板：

<%=
  response.content_type = 'application/octet-stream'

  FasterCSV.generate do |csv|
    csv << @report[:columns]
    @report[:rows].each do |row|
      csv << row
    end
  end
%>

如果您愿意，您可以完全在控制器内执行此操作，并将其呈现为 :text 类型。

如果您在控制器内将内容按顺序排列（在本例中是一个简单的 @report 哈希），也比在视图中完成所有繁重的工作更有帮助。

Here's a template I've used that works well enough:

<%=
  response.content_type = 'application/octet-stream'

  FasterCSV.generate do |csv|
    csv << @report[:columns]
    @report[:rows].each do |row|
      csv << row
    end
  end
%>

You can do this entirely within the controller if you like and render it as type :text instead.

It also helps if you wrangle the content into order, in this case a simple @report hash, inside the controller than to do all the heavy lifting in the view.

回复收藏 0 原文

~没有更多了~