Menu
I have this line in a javascript block in a page:
res = foo('<%= @ruby_var %>');
What is the best way to handle the case where @ruby_var has a single-quote in it? Else it will break the JavaScript code.
529
I think I'd use a ruby JSON library on @ruby_var to get proper js syntax for the string and get rid of the '', fex.:
res = foo(<%= @ruby_var.to_json %>)
(after require "json"'ing, not entirely sure how to do that in the page or if the above syntax is correct as I havn't used that templating language)
(on the other hand, if JSON ever changed to be incompatible with js that'd break, but since a decent amount of code uses eval() to eval json I doubt that'd happen anytime soon)
178
Rails has method specifically dedicated to this task found in ActionView::Helpers::JavaScriptHelper called escape_javascript.
In your example, you would use the following:
res = foo('<%= escape_javascript @ruby_var %>');
Or better yet, use the j shortcut:
res = foo('<%= j @ruby_var %>');
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
