I wonder on RoR, will there be a need sometimes to pass some data from
- var title = ______________ ;
What is the proper way to do it (fill in the code for ______________ )
if title can have newline character, or single / double quote or any
weird character. and what’s more, what if the title from database can
have tags, so the code need to do cross-site scripting (xss)
prevention, say, if the title needs to be set into a div’s innerHTML
- further more, what if we do
This case is more complicated, since I think there is a rule that says,
anything inside the attribute’s value will first be parsed by the
browser as HTML first, so this is a little trickier than case (1).
Any standard way in Rails to do it? Thanks.