I have a json formatted arg that I pass to a view helper, but the HTML gets escaped. I need it not to. I''m on Rails 2.3.6=8, I''ve tried using rails_xss and using raw and html_safe but it doesn''t make a difference. How do I not escape the argument? See http://gist.github.com/613780 for more details. Thanks! Ramon Tayag -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Frederick Cheung
2010-Oct-09 09:49 UTC
Re: Not escaping arguments passed on to view helpers
On Oct 9, 10:43 am, Ramon Tayag <ramon.ta...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> I have a json formatted arg that I pass to a view helper, but the HTML > gets escaped. I need it not to. I''m on Rails 2.3.6=8, I''ve tried using > rails_xss and using raw and html_safe but it doesn''t make a > difference. How do I not escape the argument? Seehttp://gist.github.com/613780for more details. >I think the html safe mostly worries about < and > and so on. Looking at your example it looks like the correct thing is happening - if those quotes marks weren''t escaped you''d have <textarea cols="50" data-bespinoptions="{ "syntax": "js" }" which isn''t right. Fred> Thanks! > Ramon Tayag-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Ramon Tayag
2010-Oct-10 13:31 UTC
Re: Re: Not escaping arguments passed on to view helpers
Yes, that wouldn''t be, but how about:
<textarea cols="50" data-bespinoptions=''{
"syntax": "js" }''
Ramon Tayag
On Sat, Oct 9, 2010 at 5:49 PM, Frederick Cheung
<frederick.cheung-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
>
> On Oct 9, 10:43 am, Ramon Tayag
<ramon.ta...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > I have a json formatted arg that I pass to a view helper, but the HTML
> > gets escaped. I need it not to. I''m on Rails 2.3.6=8,
I''ve tried using
> > rails_xss and using raw and html_safe but it doesn''t make a
> > difference. How do I not escape the argument? Seehttp://
> gist.github.com/613780for more details.
> >
>
> I think the html safe mostly worries about < and > and so on.
> Looking at your example it looks like the correct thing is happening -
> if those quotes marks weren''t escaped you''d have
>
> <textarea cols="50" data-bespinoptions="{
"syntax": "js" }"
>
> which isn''t right.
>
> Fred
> > Thanks!
> > Ramon Tayag
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
>
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org<rubyonrails-talk%2Bunsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org>
> .
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-talk?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.