i have a this string:
#html = "HELLO <script> alert("this code is from database")</script>"
in my file view .erb:
but dont work
is possible run this code with rails from string?
Bad practice, but it is possible
1 with html_safe
<%- #html.html_safe %>
2 with raw if your variable could be nil
raw(#html)
Related
I try to create my own SonarQube Widget and I have the following question ?
I want to save in a javascript variable the result of my Metrics. The problem is that I don't succeed to use Ruby on Rails with Javascript.
<script type="text/javascript">
var text = "<%= format_measure('sonar.metric.arcadsoftware.rpg.ruleset1') %>";
alert(text);
</script>
If I use just <p><%= format_measure('sonar.metric.arcadsoftware.rpg.ruleset1') -%> </p> the result is "True" on my widget.
So I want to store the String 'True' in my javascript variable text.
Thank you
I am making some ajax call and in my js.erb file I put
$("body").append(<%= escape_javascript(render("layouts/some_layout")) %>);
I had no output in my html file, but in my log, render("layouts/some_layout") is correctly called. So for debugging purpose, I put
$("body").append(<%= j "<div>test</div>" %>);
But this also output nothin. Why is it so ?
I guess you should have your erb code enveloped with quotation marks, otherwise you'll probably get JS syntax error:
$("body").append('<%= escape_javascript(render("layouts/some_layout")) %>');
I've got a HighCharts javascript that i'm trying to convert to CoffeeScript, using some online converters.
However all of them error out with "missing operand"
Here's the code
$(function() {
$('#container').highcharts({
series: [{
name: "<%= x %>'",
data: [
<% #sprice = #price * #quantity %>
<% 0.upto(#years).each do |stack| %>
<%= number_with_precision(#sprice, precision: 2) %>,
<% #sprice = ((#sprice*percentage)/100)+#sprice %>,
<% end %>]
}]
});
});
Where's the missing operand tho? Does it have something to do with embedded ruby inside my JS script?
Script is working as intended inside HTML view file. But i'm trying to move it into controller's js file to clean it up abit. Controller's js file is in coffescript by default, so that's where im kind of stuck.
Any help appreciated, thanks!
As noted above:
If #years is small
then ERB a couple simple scalars and then build the array in CoffeeScript;
If #years is large
then do the heavy lifting in your controller and stuff the data into your CoffeeScript as a one line JSON blob.
Or AJAX it or split the data out into a separate piece of JavaScript and leave the code as CoffeeScript.
References
CoffeeScript, TypeScript? How about JavaScript
I'm writing an app that uses Rails on the backend and javascript/backbone on the frontend. I'm trying to bootstrap some rails models into my javascript. Specifically, I'd like to load the contents of #courses into a js variable called window.courses. I've got the following in an html.erb file.
<%= javascript_tag do %>
window.courses = JSON.parse('<%= #courses.to_json %>');
<% end %>
I'm expecting the erb preprocessor to render this into valid javascript, like so
<script type="text/javascript">
//<![CDATA[
window.courses = JSON.parse('[{"code":"myCourseCode", ...
//]]>
</script>
... but, instead, I'm getting code that includes HTML entities.
<script type="text/javascript">
//<![CDATA[
window.courses = JSON.parse('[{"code":"myCourseCode", ...
//]]>
</script>
Obviously, I get javascript errors when I try to parse this.
Does anyone know how I can deal with these HTML entities in order to produce valid javascript? I realize that one option would be to unescape the entities on the client side, but this seems like a roundabout solution. Is there a way that I can get Rails to produce JSON that doesn't need unescaping?
If you intend to use raw(obj.to_json) you MUST ensure the following is set.
ActiveSupport.escape_html_entities_in_json = true
The question is solved by my comment, just for the record:
Rails escapes strings that are printed using <%= 'string' %>. By this, it is save to ouput user data.
So, if you don't want Rails to escape the output, you have to tell Rails explicitly by using raw('string').
In your code, that would be:
<%= raw(#courses.to_json) %>
My setup: Rails 3.0.9, Ruby 1.9.2, jQuery 1.6.2
Rails
constants.rb (initializer file)
DEFAULT_REPLY = "Add a reply..."
Rails
index.html.erb
<%= javascript_include_tag 'reply' %>
...(rest of view code)...
reply.js
$(function() {
var default_reply = <%= h DEFAULT_REPLY -%>;
...(rest of jQuery code)...
});
This throws an error Uncaught SyntaxError:Unexpected token %=, I tried to enclose it in quotes like var default_reply = '<%= h DEFAULT_REPLY -%>' and it output the value as is, meaning default_value has the value of <%= h DEFAULT_REPLY -%>' which is clearly not what I intended. What am I doing wrong?
EDIT
Given the feedback, I have reconsidered and is now using a local variable and jQuery to pull the value from the textarea upon page load.
You need to add .erb to the end of your .js file, along with add the quotes around the string.
The name of your javascript file should be reply.js.erb.
Currently, your .js file is not being run through rails, and is being served statically. That is why when you put the quotes around the string, it output the string '<%= h DEFAULT_REPLY %>' instead of the correct text.
I'd strongly recommend against this approach but I think you're confusing two things here.
Assuming reply.js is in public/javascripts/reply.js, this is a static JS file that is served up by your server. You cannot put any dynamic ("server side") code in here as the file is not evaluated in any manner, just passed back statically.
If you want a global JS variable to use in your files, you'd need to do assign it in your layout file app/views/layouts/application.html.erb or in your action files (index.html.erb, show.html.erb, etc).
Any ERB file is evaluated before returning it, so you could put
<script type='text/javascript'>
$(function() {
var default_reply = "<%= escape_javascript DEFAULT_REPLY %>";
});
</script>
above the <%= yield %> statement of your layout file.
Again, I'd STRONGLY recommend against this approach but if that's why you need, I think this will solve it.
It sounds like you named your view template incorrectly, does it end in .html.erb? If not, it won't evaluate the ERB fragment you pasted.
Once you fix that, you can embed what you want with the following ERB code:
$(function() {
var default_reply = "<%= h DEFAULT_REPLY -%>";
...
});
If it is a rails 3 App why are you using that syntax? try:
var default_reply = <%= DEFAULT_REPLY %>;