I wonder on RoR, will there be a need sometimes to pass some data from
1) var title = ______________ ;
What is the proper way to do it (fill in the code for ______________ )
if title can have newline character, or single / double quote or any
weird character. and what's more, what if the title from database can
have <script> tags, so the code need to do cross-site scripting (xss)
prevention, say, if the title needs to be set into a div's innerHTML
2) further more, what if we do
<a href="#" onclick="changeIt(______________); return false;">Click
This case is more complicated, since I think there is a rule that says,
anything inside the attribute's value will first be parsed by the
browser as HTML first, so this is a little trickier than case (1).
Any standard way in Rails to do it? Thanks.