Return to book
Review this book
About the author
Introduction
1. Goals
2. Tutorial
- 2.1. A Sample Todo App
- 2.2. Todo Functionality
3. Docs
4. Deployment
5. Getting Help
6. FAQ
7. Component Gems
8. Contributing
9. Roadmap

Volt Introduction and Docs

Content binding

The most basic binding is a content binding:

<p>Hello {{ name }}</p>

The content binding runs the Ruby code between {{ and }}, then renders the return value. Any time the data a content binding relies on changes, the binding will run again and update the text. Text in content bindings is html escaped by default.

Raw

You can disable html escaping by using the raw method:

<p>Your html is {{ raw your_html }}.</p>

Using raw is considered dangerous because if the user controlled html is displayed to another user, they can easily inject any javascript (by using something like <img src=".." onload="somejs" />) This is known as a Cross Site Scripting Attack. Only use raw if you understand how a Cross Site Scripting Attack works and how to avoid them.