Alex P wrote in post #961467:
> Hi,
>
> I have a helper that include JS file contents into my view (for per-
> view JS injections).
Don't ever do that! JS does not belong in your HTML.
>
> For some reason (render :file => "inject/#{filename}.js") %
> [ "foo" ]
> combined with string formatting, assuming there's a replacement
> pattern %s in {filename}.js, replaces all double quotes that were met
> in {filename}.js to "
>
> It doesn't escape single quotes, and doesn't even escape double quotes
> when using no replacement pattern.
That is correct HTML escaping.
[...]
> Is there some mechanism in Rails that may force symbols to be HTML-
> encoded in case of replacement? It may also be a bug.
> Thank you!
Rails 3 HTML-escapes strings by default. You can turn it off, or
declare a particular string as safe, but in this case the better
solution would be to fix your design problem: put your JS and HTML in
separate files.
Best
--
Marnen Laibow-Koser
http://www.marnen.org
mar...@marnen.org
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to rubyonrails-t...@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
