While it was a good move on Rails' part to escape ERB <%= %> tags by default, it doesn't seem to happen to Sprockets as well.

The strange bit is that according to Sprockets documentation, it would be just a matter of naming your template as .jst.eco to enable Eco:

https://github.com/sstephenson/sprockets#javascript-templating-with-ejs-and-eco

Then, extracted from Eco documentation:

https://github.com/sstephenson/eco

<%= expression %>: Evaluate a CoffeeScript expression, *escape* its return value, and print it.

It means that by default it should escape "expression". So why isn't escaping happening by default on Rails JST eco templates?

I know about templating alternatives like Handlebars or Knockout, but I actually want to be able to use some ERB-like template.

For example, as far as I could find out, Handlebars won't support local helpers for instance. I don't like the idea of polluting the global space with lots of helpers because it would be a mess for me to maintain such code.

Also, I miss an easy way to embed something like products_path in my ECO templates for obvious reasons, but this is a minor issue for me... Escaping is a very important one though.

Thanks in advance,
Rodrigo.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-core+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.
Sorry, please ignore this message. It does escape. The problem is that Chrome's inspector won't show them escaped.

Sorry, again,
Rodrigo.

On 07-05-2012 16:18, Rodrigo Rosenfeld Rosas wrote:
> While it was a good move from Rails part to escape ERB <%= %> tags by
> default, it doesn't seem to happen to Sprockets as well.
>
> The strange bit is that according to Sprockets documentation, it would
> be just a matter of naming your template as .jst.eco to enable Eco:
>
> https://github.com/sstephenson/sprockets#javascript-templating-with-ejs-and-eco
>
> Then, extracted from Eco documentation:
>
> https://github.com/sstephenson/eco
>
> <%= expression %>: Evaluate a CoffeeScript expression, *escape* its
> return value, and print it.
>
> It means that by default it should escape "expression". So why isn't
> escaping happening by default on Rails JST eco templates?
>
> I know about templating alternatives like Handlebars or Knockout, but
> I actually want to be able to use some ERB-like template.
>
> For example, as far as I could find out Handlebars won't support local
> helpers for instance. I don't like the idea of polluting the global
> space with lots of helpers because it would be a mess for me to
> maintain such code.
>
> Also, I miss an easy way to embed something like products_path in my
> ECO templates for obvious reasons, but this is a minor issue for me...
> Escaping is a very important one though.
>
> Thanks in advance,
> Rodrigo.
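
Added example, not part of the original thread and not Eco's or Sprockets' own code: a minimal stand-in renderer for the escaped `<%= %>` tag and Eco's unescaped `<%- %>` tag, showing why correctly escaped output looks unescaped in a DOM inspector and how to check the rendered string instead. The names `escapeHtml`, `render`, `decodeEntities` and `markupWasEscaped`, and the sample value, are assumptions made for illustration.

```javascript
// Stand-in for Eco-style output tags (hypothetical helper names, NOT Eco's implementation).
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// <%= name %> prints the escaped value, <%- name %> prints it raw.
// Only plain property lookups on the context are supported, not expressions.
function render(template, context) {
  return template.replace(/<%([=-])\s*(\w+)\s*%>/g, (match, mode, key) => {
    const value = context[key] == null ? '' : context[key];
    return mode === '=' ? escapeHtml(value) : String(value);
  });
}

// Rough model of what an HTML parser does to element text: entities are
// decoded back into characters. A DOM inspector displays this decoded text,
// which is why escaped output can look unescaped there.
function decodeEntities(html) {
  const reverse = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };
  return html.replace(/&(amp|lt|gt|quot|#39);/g, (m, name) => reverse[name]);
}

// Check the markup string itself: the raw value must be absent from it,
// while the decoded text must still contain the value.
function markupWasEscaped(output, value) {
  return !output.includes(value) && decodeEntities(output).includes(value);
}

// Constructed sample input.
const payload = '<script>alert("hi")</script> & more';
const escaped = render('<li><%= name %></li>', { name: payload });
const raw = render('<li><%- name %></li>', { name: payload });

console.log(escaped);                            // markup sent to the page
console.log(decodeEntities(escaped));            // text an inspector would display
console.log(markupWasEscaped(escaped, payload)); // escaped tag
console.log(markupWasEscaped(raw, payload));     // unescaped tag
```

To confirm escaping in a real page, look at the template function's returned string or the element's `innerHTML` rather than the text shown in the inspector's element tree.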