将HTML从控制器传递到Javascript的正确方法是什么?
[英]What is the proper way of passing HTML from the controller to Javascript?
问题描述
In my application, I let users input annotations, which are potentially unsafe. 
在我的应用程序中,我让用户输入可能不安全的注释。 When I render them in my view, the following shows the annotation nicely: 当我在视图中渲染它们时,以下内容很好地显示了注释:
<%= simple_format h annotation.body %>
It preserves line breaks but also escapes HTML properly. 它保留换行符,但也可以正确地转义HTML。 Now, I need to render this body in an overlay, which is created by Javascript. 现在,我需要在由Javascript创建的叠加层中呈现此主体。 Right now, I fetch my annotations through JSON by calling the following from the controller: 现在,我通过从控制器调用以下命令来通过JSON获取注释:
def index
# ...
respond_to do |format|
format.json { render :json => @annotations }
end
end
And create the overlay like this (very simplified example): 然后像这样创建叠加层(非常简化的示例):
$.getJSON(this.annotations_url, function(data) {
$.each(data, function(key, val) {
annotation = val;
this.div_body.html(annotation.body);
// ...
Of course, the resulting HTML will not be escaped properly and the line breaks aren't preserved as well. 当然,生成的HTML将无法正确转义,并且也不会保留换行符。
Now, I don't feel like using pure Javascript to do the escaping and line break conversion because it feels like I wouldn't be DRYing a lot if I did so. 现在,我不希望使用纯Javascript进行转义和换行转换,因为如果这样做,我感觉我不会干很多。 It seems hard to maintain and clutters the whole code. 似乎很难维护并使整个代码混乱。
Can't I somehow send the safe HTML body from the controller through JSON? 我不能以某种方式通过JSON从控制器发送安全的HTML正文吗? It looks as if the ERB simple_format and h methods are only available in views. 看来ERB simple_format和h方法仅在视图中可用。
Or should I really do everything in Javascript? 还是我真的应该用Java做所有事情?
2 个解决方案
解决方案1
1 已采纳 2012-05-13 11:01:49
I think you can use the helpers every where just calling them by their long name: 我认为您可以在所有使用helpers地方使用它们的长名称:
ActionController::Base.helpers.simple_format str
ERB::Util:: html_escape str
Once you have this you can customize your Model.to_json behavior to include an already parsed version of the Model.body . 一旦有了这个,您就可以自定义Model.to_json行为,以包含已经解析的Model.body版本。
Of course there are two problems with this approach: 当然,这种方法有两个问题:
- Rails dependency in your Model 模型中的Rails依赖性
- Adding View behavior in your Model 在模型中添加视图行为
But sometimes trying to avoid these issues is bringing more complexity than clarity. 但是有时候,试图避免这些问题带来的复杂性超过了清晰度。
解决方案2
0 2012-05-13 10:53:16
You can return JSON from erb templates just as you would for html. 您可以像使用html一样从erb模板返回JSON。 Instead of returning JSON in the controller, let it fall through doing no rendering, just like html responses. 与其在控制器中返回JSON,不如像html响应那样使其不进行任何渲染。 Instead of naming the view index.hmtl.erb, name it index.json.erb. 不用命名视图index.hmtl.erb,而是将其命名为index.json.erb。
I'm not sure that's the best cleanest way. 我不确定这是最好的清洁方法。 It is the only way Rails has provided simple_format for responses html or other. 这是Rails为html或其他响应提供simple_format的唯一方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.