Proper escaping


#1

Hello all,

I have a tricky issue with escape_javascript and render/render_to_string
I’m looking for some comments on. Brief background, I’m making a gmaps
interface and am trying to render a partial to a string in my controller
so I can pass it through to my maps object (a library) for handling.

To make this work I need to escape the text returned by the template.
However, I can’t do this right before passing it to the object, since
escape_javascript is only available in the view.

My next thought was to define a container template that did nothing but
escape the content, e.g.:

<%= escape_javascript render_to_string :partial => ‘inner_template’ %>

The problem with this is that render_to_string is only available to the
controller. So, I can’t escape after the fact, or render a string in
the
template, where I could escape it.

Anyone solved this short of re-implementing escape_javascript and making
that available to the controller?

Thanks as always for the help,

pt.

Parker T.
Professional
(w) http://placesite.com
© 510.541.0125


#2

Parker T. wrote:

escape_javascript is only available in the view.
Anyone solved this short of re-implementing escape_javascript and
making that available to the controller?

Thanks as always for the help,

You can invoke anny helper function through the @template instance
variable in the controller. So you’d write:

escaped_js = @template.escape_javascript(render_to_string(:partial =>
‘inner_template’))

HTH,

– stefan

http://railsexpress.de/blog


#3

On 12/8/05, Stefan K. removed_email_address@domain.invalid wrote:

You can invoke anny helper function through the @template instance
variable in the controller. So you’d write:

escaped_js = @template.escape_javascript(render_to_string(:partial =>
‘inner_template’))

Ah very interesting, thanks. And now for the follow-up…

What I’m trying to do is link_to remote and fetch some information
(profile), along with a form(comment form) that itself uses a
form_remote tag to submit. The form is fetched and looks properly
escaped, but when I try to submit I get js errors in firefox (included
below), though not in safari. In both cases though, clicking ‘submit’
uses a normal post rather than making an xmlhttp request.

I could work around this by pre-including a form and using my data
fetch to return some js that would fill some hidden fields (to
associate the profile with the comment), but that’s a poor work
around. I could see wanting to do this same thing, but return a form
with edit-in-place fields, which could not be worked around.

the gory details:

js error in firefox on submitting comment form:

Error: missing ) after argument list
Source Code:
g:function(request){$(‘mapped_place_add_comment_link’).value =
‘Adding…’; $(‘mapped_place_comment_link’.disabled = true;},
parameters:Form.serialize(this)}); return false;

js returned by the server to generate profile, including comment form:

$(‘map_current_place_profile’).innerHTML = '\n<div
id=“profile_container”>\n\n <div class=“sectionHeader”>\n
gghhjjkjk\n \n\n <div id=“profileBody”>\n sdfgghhh\n

\n\n\n\nComments\n\n\n\n\n
\n \n \n
\n \n\n \n\n\n

Title\n

\n\n

Body\n

\n\n\n\n \n\n \n \n \n \n
\n\n
\n\n\n';

Thanks,

pt.

Parker T.
http://www.parkert.com/
510.541.0125