Frederick Cheung wrote:
> On Apr 8, 6:00 pm, Robert Walker <rails-mailing-l...@andreas-s.net> wrote:
>> SpringFlowers AutumnMoon wrote:
>> me</a>
>>
>> However, I think you're right about the format of the string object.
>> HTML escape won't provide what you want, so you probably need to write
>> your own sanitizing helper and use that in place of the html_escape (h)
>> helper. A quick-and-dirty one I came up with was
>> my_var.gsub(/[\n\'\"<>]/, ""). I'm sure that's probably not
>> comprehensive, but it does seem to take care of the issues mentioned here.
>
> I normally use to_json
>
> Fred
I think to_json is more like a transition to the JavaScript realm... However, isn't it true that if we ever need to set the title into the div's innerHTML, then we also need to sanitize it? So to_json(h(title))?
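The two contexts discussed in this thread (a Ruby string dropped into a JavaScript string literal, and that literal then assigned to innerHTML) are easiest to see side by side. The following is an added example, not code from anyone in the thread: the helper names js_string_literal, js_literal_for_inner_html and inner_html_assignment are invented for illustration, and SAMPLE_TITLE is a constructed hostile input. It uses only the stdlib json and cgi modules (CGI.escapeHTML stands in for Rails' h helper), and it goes one step beyond a bare to_json: stdlib JSON leaves <, > and & unescaped, so a value containing "</script>" would still close an inline script block, which is why those characters are turned into \u escapes as well.

```ruby
require 'json'
require 'cgi'

# Constructed sample input: a title that is hostile in both the
# JavaScript-string context and the HTML context.
SAMPLE_TITLE = "Spring \"Flowers\" & Autumn\n</script><img src=x onerror=alert(1)>"

# Context 1: the value becomes a JavaScript string literal.
# String#to_json (stdlib json) escapes quotes, backslashes and control
# characters such as the newline, which is what h() cannot do. It does not
# escape <, > or &, so a "</script>" inside the value would still end an
# inline <script> block; those, plus the JS line terminators U+2028/U+2029,
# are rewritten as \uXXXX escapes, which are valid in both JSON and JS.
def js_string_literal(str)
  str.to_s.to_json.gsub(/[<>&\u2028\u2029]/) { |c| format('\\u%04x', c.ord) }
end

# Context 2: the literal is later assigned to innerHTML, so the browser
# parses the value as HTML a second time. HTML-escape first, then wrap as
# a JS literal: the to_json(h(title)) order from the post, innermost first.
def js_literal_for_inner_html(str)
  js_string_literal(CGI.escapeHTML(str.to_s))
end

# The complete inline-script statement for a given element id (the id is
# also user-controllable in many apps, so it goes through the same helper).
def inner_html_assignment(element_id, title)
  "document.getElementById(#{js_string_literal(element_id)}).innerHTML = " \
    "#{js_literal_for_inner_html(title)};"
end

if __FILE__ == $0
  puts js_string_literal(SAMPLE_TITLE)          # safe as a JS literal only
  puts js_literal_for_inner_html(SAMPLE_TITLE)  # safe as a literal AND as HTML
  puts inner_html_assignment("title", SAMPLE_TITLE)
end
```

If the title is written into the page with text-only DOM APIs (textContent, or a text node) rather than innerHTML, the inner h() step is unnecessary and would show literal "&lt;" to the user; the HTML escape is only needed when the string is going to be parsed as HTML again on the client.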