I have been looking at this Railscast , specifically these lines of code.
// views/reviews/create.js.erb
$("#new_review").before('<div id="flash_notice"><%= escape_javascript(flash.delete(:notice)) %></div>');
$("#reviews_count").html("<%= pluralize(@review.product.reviews.count, 'Review') %>");
$("#reviews").append("<%= escape_javascript(render(:partial => @review)) %>");
$("#new_review")[0].reset();
Could someone explain why escape_javascript has been used for rendering a partial, and displaying a flash notice, but not for the pluralize function?
Thanks
There are only a couple of possible outputs from pluralize(@review.product.reviews.count, 'Review')
0 Reviews
1 Review
n Reviews
No output of that would ever need to be escaped, so the writer chose not to do so.
Escaping javascript will change <div id="yo">You're Awesome</div>
into text that won't cause the javascript interpreter to think the quotes end your string variable.
If you were to type in
var awesome = "<div id="yo">You're Awesome</div>";
It would blow up. The quotes need to be "escaped" into
<div id=\"yo\">You\'re Awesome<\/div>
You are sending raw javascript response back to browser, which is what jQuery.ajax({type:"script"}) command expects.
In order to replace the HTML in a page with HTML from AJAX response, it needs to be escaped so it can be sent as javascript; thus the use of escape_javascript.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.