Time To Pull The Plug

This is a subtitle. There are many like it, but this one is here.

Unescaping HTML on ActiveAdmin Pages

| Comments

By default, an ActiveAdmin page, either show or index, will escape any HTML in a field that it displays. This is generally good behavior, but if you have an HTML field that’s supposed to have HTML in it, it will be displayed fully escaped, with the < and > tags mucking things up in all their glory. If you have a field that’s supposed to have HTML in it and you take care of cleaning and sanitizing it already (like on save), you can get around this feature like so.

Assuming your ActiveAdmin controller is set up like so:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
ActiveAdmin.register Foobaz do
  # ....
  index do
    # ...
    column :htmlstuff
    # ...
  end
  show do
    # ...
    row :htmlstuff
    # ...
  end

end

Change that htmlstuff column like so:

1
2
3
4
5
6
7
8
9
10
11
12
13
ActiveAdmin.register Foobaz do
  # ....
  index do
    # ...
    column (:htmlstuff) { |foobar| raw(foobar.htmlstuff) }
    # ...
  end
  show do
    # ...
    row (:htmlstuff) { |foobar| raw(foobar.htmlstuff) }
    # ...
  end
end

NB: You should probably only disable the HTML escaping if it’s something you really want to do, and if you are allowing the HTML to be rendered as HTML you should make sure it’s sanitized before it’s displayed.

Comments