I'm trying to escape HTML content from the db to JSON data. But JSON keys are escape too. Here is an example :
data : { :content => "<script>alert('SOF');</script>" }
and in the view :
h(@data.to_json).html_safe -> [{"content":"<script>alert('SOF');</script>"}]
Thanks for you help.
I think your h
is getting in the way. Try just @data.to_json.html_safe
.
For a ton of information about putting HTML in strings in Rails (3), see my blog entry: Presenter Pattern, Rails 3 and HTML Safe . (It's still useful even if you don't care about the presenter pattern).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.