noli
Reputation: 15996
How can I make rails rails_xss stop escaping my in template Javascript?
I am working on a Rails 2.3 project with alot of javascript in the templates, and we just installed rails_xss. However, we're noticing that the raw javascript in the templates is now getting HTML escaped.
Example: _partial.html.erb
<script type="text/javascript">
if (true == true) && (1 == 1) {
}
</script>
is getting rendered as in _partial.html.erb
<script type="text/javascript">
if (true == true) && (1 == 1) {
}
</script>
Whats causing this, and how can we make it render correctly?
Thanks
Upvotes: 1
Views: 169
Answers (1)
antyrat
Reputation: 27765
Use the raw helper:
<%= raw "if (true == true) && (1 == 1) {" %>
or html_safe:
<%= "if (true == true) && (1 == 1) {".html_safe %>
Upvotes: 2
Related Questions
- How to use variable in javascript escape_javascript rails?
- escape_javascript and single quotes
- How to fix escaping of HTML after rails upgrade from Rails 2 to Rails 3
- Escaping HTML in Rails
- Escaping quotes from Rails Variables when using them for Javascript?
- Protecting from XSS in escape_javascript() output in Rails
- escape_javascript not working properly in Rails
- How to escape javascript-generated html in Rails?
- ruby on rails/javascript - errors with escaping html characters
- Escape_javascript problem