Rails upgrade from 2.3 to 3.2 javascript rendering as text
Question
Recently I am upgrading one of the rails app from 2.3 version to 3.2 version. And I am noticing a strange behavior in the javascript written in the html.erb files. This never happened before with other apps I have upgraded.
I am upgrading to Ruby 1.9.3 Rails 3.2.14
Currently jquery version is 1.4 and I would upgrade it 1.9 or 1.10 once the application is fully ported.
Here is the problem. Whenever we have some JS written in templates and this JS has greater then condition at some point then any JS code written after that is rendered as text on the page without any JS errors in firebug. I have attached the screen-shot please have a look.
And when I remove that JS code into a .js file then this problem disappears. I think is something has to ERB template parsing as the same code working fine in the rails 2.3 application.
In the screen shot the JS code rendered something like
" 0) jQuery("#li_" + caab_jurisdiction_name).show();..."
it starts wth something like this
"if (jQuery("#mortgage_product_group_econveyance_editions").attr("value").indexOf(caab_jurisdiction_value) > 0) jQuery("#li_" + caab_jurisdiction_name).show();..."
1 answers
solution1
0 2013-10-10 09:52:33
Rails 3.0+ has XSS protection by default, whereas in Rails 2.3 you need to use the helper h in order of use it.
To avoid it, you can use String#html_safe or the helper raw.
You can read more about it in this railscasts http://railscasts.com/episodes/204-xss-protection-in-rails-3 .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.