Comments (10)
I encountered this under the following circumstance:
create.js.erb:
jQuery('#someid').replaceWith("<%= escape_javascript(render(:partial => 'some/partial', :object => some_obj)) %>");
when the render of the partial included "
Applying the fix @tnedlacer suggests in https://github.com/woodwardjd/remotipart/tree/address_encoding_problem_branch works. Haven't thought too deeply about it, though.
If this makes sense to include I'll initiate a pull request. If not, comments?
from remotipart.
Please pull request!!
from remotipart.
@tnedlacer if you're using a recent bundler you can:
gem "remotipart", "~> 1.0", :github => 'woodwardjd/remotipart', :branch => 'address_encoding_problem_branch'
temporarily :)
from remotipart.
I'm not sure this makes sense to pull in. Looking at @tnedlacer's original code, his output is what would be expected for me.
render :js => "alert('& & > > < < \" "')"
& & > > < < " " # this would be expected output
For the specific use-case where the developer is specifically mixing html entities and raw characters, it looks odd, but thinking of this in terms of returning something like "this is a string with a variable & it is: #{value}", where our hard-coded string has a raw character, while the value may be passed from elsewhere and may be escaped. We use escape_once instead of html_escape (aka h) so we don't end up with input like '& &amp; > &gt; < &lt; " &quot;'.
from remotipart.
@tnedlacer : this seems related to my Issue #71. What does the patch in #72 do for your example?
from remotipart.
@yasirs It is the same as the fix I wanted.
woodwardjd@0b6fab7
ERB::Util.h == html_escape
from remotipart.
anyone having problems like this should review their code and search for escaped things like " getting rendered on the js response and change them to something like "
ie: my code was breaking because I was trying to render (via js) a partial that had something like this "#{foo.bar}" inside.
from remotipart.
I am able to reliably reproduce the problem I was seeing with the latest version of remotipart (1.0.5) and the test rails app in https://github.com/JangoSteve/Rails-jQuery-Demo/tree/remotipart
NOTE: as I look more closely, this appears to be a different problem than @tnedlacer's, though what fixes my situation might fix @tnedlacer's.
Here's how to reproduce. I need to move on to other stuff right now, and I bet @JangoSteve would be able to see what to do, if anything, right off the top of his head, so I'm not providing a patch unless requested, and I find some time.
$ git clone -b remotipart git://github.com/JangoSteve/Rails-jQuery-Demo.git
$ cd Rails-jQuery-Demo
$ bundle install
$ rake db:reset
$ rails s
Modify app/views/comments/create.js.erb so the append() function in the javascript is passed a string wrapped in double quotes (versus the default single quotes):
$('#comments').append( "<%= escape_javascript(
render @comment
) %>" );
Go to http://localhost:3000 and upload a comment with a file attachment. Everything works.
Now, add a " somewhere in the comment partial app/views/comments/_comment.html.erb like:
<td><%= comment.subject %>"</td>
Go to http://localhost:3000, refresh and upload a comment with a file attachment. Doesn't work. The failure is in the decoding and execution of the javascript on the client side (check out the Network tab in your firebug/inspector).
Now, go back to app/views/comments/create.js.erb and revert back to the default single quotes:
$('#comments').append( '<%= escape_javascript(
render @comment
) %>' );
Go to http://localhost:3000, refresh and upload a comment with a file attachment. Works again.
Now, go replace that " with a ' (ascii quote entity) in the comment partial:
<td><%= comment.subject %>'</td>
Go to http://localhost:3000, refresh and upload a comment with a file attachment. Doesn't work. The failure is in the decoding and execution of the javascript on the client side.
So, unless I messed something up here, it would seem that the recipe is "don't have entities for double quotes in what you're escaping if you're using double quotes in the javascript", and similarly for single quotes. I think remotipart shouldn't fail in this manner, but I don't have the time right now to think hard about a patch.
Note: I would have submitted rspec specs exercising this if the test suite had executed out of the box on my machine. It did after patching it for capybara/poltergeist and slapping sleeps after each of the clicks. But I'm not about to upload that crap publicly ;)
from remotipart.
This should be fixed now from #72. Also, the test suite is behaving a bit better now. There were some issues with capybara and it's not waiting for ajax requests to finish like it's supposed to.
from remotipart.
Just a heads up that this isn't fixed. I'm having the same problem with a single quote in a js.erb file returned after a remotipart iframe submission. It seems like the root problem is that jQuery gets confused by the content type (because the response starts with <head> and contains other html tags), assumes it is html/text, and then escapes it as such, replacing ' with a single quote and breaking the javascript. In my case, a response containing something like:
$('<div>Steve's</div>')
became $('<div>Steve's</div>')
I fixed the problem by changing my surrounding single quotes to double quotes, but in that case a double quote causes the same issue.
Remotipart version: 1.3.1
jQuery 1.12.4
from remotipart.
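The round trip discussed in the comments above, as an added example that is not remotipart's own code: a JavaScript response is HTML-escaped on the server and HTML-decoded on the client, and the result is compared for escape_once versus html_escape (ERB::Util.h). Assumptions: `js_escape` and the `ESCAPE_ONCE` regex are simplified stand-ins for Rails' escape_javascript and escape_once, the transport is modelled as escape-then-decode only, and the sample strings are constructed.

```ruby
require "cgi/escape"
require "erb"

# Simplified stand-in for Rails' escape_javascript (assumption: only the
# characters that matter for this demonstration are handled).
JS_ESCAPES = { "\\" => "\\\\", "</" => "<\\/", "\n" => "\\n",
               "\"" => "\\\"", "'" => "\\'" }.freeze

def js_escape(text)
  text.gsub(/\\|<\/|[\n"']/) { |m| JS_ESCAPES.fetch(m) }
end

# Stand-in for escape_once: escapes raw characters, leaves existing entities.
ESCAPE_ONCE = lambda do |s|
  s.gsub(/["'<>]|&(?!(?:[a-zA-Z]+|#\d+|#[xX]\h+);)/) { |m| CGI.escapeHTML(m) }
end
# html_escape (ERB::Util.h): escapes every "&", including those in entities.
HTML_ESCAPE = ->(s) { ERB::Util.h(s) }

# Assumed transport model: server HTML-escapes the JS, client HTML-decodes it.
def round_trip(js, escaper)
  CGI.unescapeHTML(escaper.call(js))
end

# Number of quote characters of kind +q+ not preceded by a backslash.
def bare_quotes(js, q)
  js.scan(/(?<!\\)#{Regexp.escape(q)}/).size
end

# Constructed inputs: a partial containing &quot; and a js.erb line with &#39;.
DOUBLE = %{$('#comments').append("#{js_escape('<td>Subject &quot;</td>')}");}
SINGLE = %q{$('<div>Steve&#39;s</div>')}

if __FILE__ == $PROGRAM_NAME
  { "double" => [DOUBLE, '"'], "single" => [SINGLE, "'"] }.each do |name, (js, q)|
    [["escape_once", ESCAPE_ONCE], ["html_escape", HTML_ESCAPE]].each do |label, esc|
      out = round_trip(js, esc)
      puts "#{name} / #{label}: intact=#{out == js} bare #{q}=#{bare_quotes(out, q)}"
      puts "  #{out}"
    end
  end
end
```

With escape_once the pre-existing entity passes through unescaped, so the client-side decode turns it into a bare quote that ends the string literal early; with html_escape the round trip returns the original JavaScript unchanged.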