I've fiddled with the syntax slightly (eg, ' vs " vs \") but the best I
seem to get is an "Illegal XML character" error from firebug, citing the
erb tag above, which tag worked fine in the page source itself.
How can *use DOM* to set an "onclick" method to rails/Erb function?
After googling for a bit I now believe that you simply *cannot* put erb
tags in a .js file.
I managed to get around this by rewriting the DOM as html and putting it
in a partial, such that the (different) onclick that was supposed to
call a js function with erb in it now calls an erb function with a js
function in it...
After googling for a bit I now believe that you simply *cannot* put erb
tags in a .js file.
Normal js files are just served as-is (and if you have set things up
right never even touch rails at all (ie they are server directly by
nginx or apache)).
if you have an action that renders a .js.erb template you'll get what
you want.
I managed to get around this by rewriting the DOM as html and putting it
in a partial, such that the (different) onclick that was supposed to
call a js function with erb in it now calls an erb function with a js
function in it...
but if anyone knows how to do what I have in the OP, please lemme know
for future reference.
Also, is there a way to call "render" from within remote_function(:url
=> {}) so I can skip the controller function that calls render?
Nope. remote_function just generates a blob of javascript that calls
an appropriate controller action
def rendpart
render :partial => params\[:part\]
end
I have a sneaking suspicion that would allow an attacker to read any
file on your hard disk (by passing the absolute path to the file as
params[:part])
I even grepped through the API for "\.js\.erb" and it's not in there
even once...perhaps the suffix recently changed? Anyway, any pointers
to reading material here would be much appreciated.
template extensions have two parts: the js (or html, or something
else) tells rails what you are producing. the second part tells rails
what should be use to render it: erb, haml, markaby, builder etc...
js.erb just means 'this is javascript and you should run it through
erb first). Other than that there's not a whole lot to explain.
I am just working at home while learning anyway. I was surprised when I
noticed I get unrestricted access to the filesystem by default; I
presume WEBrick was not intended for security. I would assume that
if/when I put something up on a real server, they will not be permitting
that possibility if it can be prevented? Otherwise I'm surprised anyone
hosts Rails at all...but further thoughts from anyone would be welcome.
that's up to you really. Run your app code as a user that doesn't have
access to more than it needs to.
How can *use DOM* to set an "onclick" method to rails/Erb function?
There's a pattern I use quite often when I have to pass a value from a
Rails calculation to JS. Put the value in a hidden element, then have
the JS look at the value of that element. In your case: