Hi,
I have a helper that include JS file contents into my view (for per-
view JS injections).
For some reason (render :file => "inject/#{filename}.js") %
[ "foo" ]
combined with string formatting, assuming there''s a replacement
pattern %s in {filename}.js, replaces all double quotes that were met
in {filename}.js to "
It doesn''t escape single quotes, and doesn''t even escape
double quotes
when using no replacement pattern.
I''m also using haml concat, but I just covered it with a spec, and
everything looks nice, so it''s apparently not a haml bug:
assert_equal("foo \"foobar\" bar\n", render("-
haml_concat(''foo \\
\"%s\\\" bar'' % [ \"foobar\" ])"))
And it''s not pure Ruby issue, which I checked too.
Is there some mechanism in Rails that may force symbols to be HTML-
encoded in case of replacement? It may also be a bug.
Thank you!
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
Alex P wrote in post #961467:> Hi, > > I have a helper that include JS file contents into my view (for per- > view JS injections).Don''t ever do that! JS does not belong in your HTML.> > For some reason (render :file => "inject/#{filename}.js") % > [ "foo" ] > combined with string formatting, assuming there''s a replacement > pattern %s in {filename}.js, replaces all double quotes that were met > in {filename}.js to " > > It doesn''t escape single quotes, and doesn''t even escape double quotes > when using no replacement pattern.That is correct HTML escaping. [...]> Is there some mechanism in Rails that may force symbols to be HTML- > encoded in case of replacement? It may also be a bug. > Thank you!Rails 3 HTML-escapes strings by default. You can turn it off, or declare a particular string as safe, but in this case the better solution would be to fix your design problem: put your JS and HTML in separate files. Best -- Marnen Laibow-Koser http://www.marnen.org marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.