Javascript rendering text instead of HTML

I have an app that I am working on and what I did was added a set of filters on the index page that allows me to use Ajax to filter the result set. The filters pass through to the controller index method. That works beautifully however I ran into a cross site scripting error with pagination.

I added protect_from_forgery unless: -> { request.format.js? } however my js file that renders the partial now comes back as text instead of HTML.

Here is the line in my index.js.erb that renders the partial...

$("#training_listing").empty().html("<%= j render "listing" %>");

If I take out the protect_from_forgery and I click on the next page for pagination it gives me the cross site scripting error. If I put it in I get the text rendering if I click on the next page.

Scratching my head as I am not sure how to get around this.

Anyone have any insight?

I'll send along anything you might need to see. Didn't want to clutter the message with unneeded files..


Actually, what it appears to be doing is not executing the javascript. The js file just shows as text.

I assume this is due to the protection_from_forgery but can anyone point me in the right direction to fix this?