I have a helper that includes JS file contents into my view (for per-
view JS injections).
For some reason
(render :file => "inject/#{filename}.js") % [ "foo" ]
combined with string formatting, assuming there's a replacement
pattern %s in {filename}.js, replaces all double quotes that were met
in {filename}.js with &quot;
It doesn't escape single quotes, and doesn't even escape double quotes
when using no replacement pattern.
I'm also using haml concat, but I just covered it with a spec, and
everything looks nice, so it's apparently not a haml bug:
assert_equal("foo \"foobar\" bar\n", render("- haml_concat('foo \\\"%s\\\" bar' % [ \"foobar\" ])"))
And it's not a pure Ruby issue, which I checked too.
Is there some mechanism in Rails that may force symbols to be HTML-
encoded in case of replacement? It may also be a bug.
Thank you!
> I have a helper that includes JS file contents into my view (for per-
> view JS injections).
Don't ever do that! JS does not belong in your HTML.
> For some reason
> (render :file => "inject/#{filename}.js") % [ "foo" ]
> combined with string formatting, assuming there's a replacement
> pattern %s in {filename}.js, replaces all double quotes that were met
> in {filename}.js with &quot;
> It doesn't escape single quotes, and doesn't even escape double quotes
> when using no replacement pattern.
That is correct HTML escaping.
[...]
> Is there some mechanism in Rails that may force symbols to be HTML-
> encoded in case of replacement? It may also be a bug.
> Thank you!
Rails 3 HTML-escapes strings by default. You can turn it off, or
declare a particular string as safe, but in this case the better
solution would be to fix your design problem: put your JS and HTML in
separate files.
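
The behaviour discussed in this thread, as an added example that is not part of either post and is not Rails code: a simplified pure-Ruby model of escape-by-default output, assuming that formatting a safe string yields an ordinary, unmarked string. SafeString, ViewBuffer, emit and the sample JS template are hypothetical names and constructed values.

```ruby
# Simplified model of escape-by-default view output (assumption: not Rails code).
# The escape table leaves single quotes alone, matching what the thread reports.
ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;", '"' => "&quot;" }.freeze

def escape_html(text)
  text.gsub(/[&<>"]/) { |ch| ESCAPES[ch] }
end

# A string explicitly marked as safe to emit without escaping.
class SafeString < String
  def html_safe?
    true
  end

  # Formatting builds a new plain String, so the safe mark is dropped
  # (assumed to mirror the behaviour described in the thread).
  def %(args)
    String.new(super)
  end
end

# Hypothetical view buffer: anything not marked safe is escaped on output.
class ViewBuffer
  def initialize
    @out = +""
  end

  def concat(value)
    safe = value.respond_to?(:html_safe?) && value.html_safe?
    @out << (safe ? value.to_s : escape_html(value.to_s))
    self
  end

  def to_s
    @out
  end
end

# Constructed sample standing in for the contents of the injected JS file.
JS_TEMPLATE = %q{alert("%s" + 'x');}

def emit(value)
  ViewBuffer.new.concat(value).to_s
end

# No formatting: the rendered string keeps its safe mark and is emitted raw.
def rendered_plain; emit(SafeString.new('alert("hi");')); end
# Formatting first: the result is a plain String, so its quotes are escaped.
def rendered_formatted; emit(SafeString.new(JS_TEMPLATE) % ["foo"]); end
# Re-marking as safe skips escaping; only sound if every argument is trusted.
def rendered_marked_safe; emit(SafeString.new(JS_TEMPLATE % ["foo"])); end
```

In this model the escaping is applied by the output buffer rather than by the formatting call itself, which is why the unformatted render passes through unchanged.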