This project is archived and is in readonly mode.

#4935 ✓wontfix
ipster

text_field helper escaping html_safe content in options hash

Reported by ipster | June 22nd, 2010 @ 08:46 PM

I am trying to add a data-attribute to a text_field by including it in the options hash:

<%= f.text_field(:foo, "data-bar" => "

Rails is outputting:

instead of

Even tried making entire helper html_safe, which didn't work either:
<%= f.text_field(:foo, "data-bar" => "

Comments and changes to this ticket

  • ipster

    ipster June 22nd, 2010 @ 08:54 PM

    Forgot to format code - revised below:

    I am trying to add a data-attribute to a text_field by including it in the options hash:

    <%= f.text_field(:foo, "data-bar" => "<script>") %>
    

    Rails is outputting:

    <input data-bar="&lt;script&gt;"
    

    instead of

    <input data-bar="<script>"
    

    Even tried making entire helper html_safe, which didn't work either:

    <%= f.text_field(:foo, "data-bar" => "<script>").html_safe %>
    
  • Rohit Arondekar

    Rohit Arondekar June 23rd, 2010 @ 02:38 AM

    Can you please try the following and see if it works?

      <%= f.text_field(:foo, "data-bar" => "<script>".html_safe) %>
    

    If it does work please update the ticket.

  • ipster

    ipster June 23rd, 2010 @ 03:23 AM

    Oops, my original ticket should read what you have:

    <%= f.text_field(:foo, "data-bar" => "<script>".html_safe) %>
    
    And that didn't seem to work - does it work for you?
  • Michael Koziarski

    Michael Koziarski June 23rd, 2010 @ 04:03 AM

    That won't work given the current implementation, however we can probably fix it.

    However before we prioritise it I'm intrigued, what's your actual use case here?

  • ipster

    ipster June 23rd, 2010 @ 04:26 AM

    Thanks Michael,

    The "script" was the simplest example I could think of that didn't work, although it probably doesn't make a lot of sense as a practical exercise.

    The real scenario is this - I'm using multiple jQuery autosuggests (http://code.drewwilson.com/entry/autosuggest-jquery-plugin) on a single page that take JSON object strings as "preFill" data, so I wanted to put JSON strings in an HTML data- attribute instead of having to output each object individually in a JS call attached to a single autosuggest. Doing a model.to_json.html_safe still escapes my string.

  • Michael Koziarski

    Michael Koziarski June 23rd, 2010 @ 05:05 AM

    The escaping is what you want though, if your json strings are in that attribute it will parse the HTML incorrectly. A single raw " or > in your attribute and your whole document will be messed up.

    If the attribute contains " or < then your JavaScript code will see it as the decoded characters.

  • Rohit Arondekar

    Rohit Arondekar June 23rd, 2010 @ 01:14 PM

    ipster, in light of Michael's comment, please update the ticket if it can be closed.

  • ipster

    ipster June 25th, 2010 @ 05:14 AM

    The plugin doesn't seem to be able to handle escaped data, even when not within an attribute. I know this may be outside the scope of Rails, but have any ideas why? Doing an html_safe works.

  • Ryan Bigg

    Ryan Bigg October 9th, 2010 @ 09:57 PM

    • Tag cleared.

    Automatic cleanup of spam.

  • David Trasbo

    David Trasbo October 10th, 2010 @ 03:14 PM

    • State changed from “new” to “wontfix”

    There's really no reason to fix this. Having the ability to insert unescaped HTML in attributes will just result in invalid, syntactically messed up HTML.

    Marking this wontfix for now.

  • Jeff Kreeftmeijer
  • bingbing
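
Michael Koziarski's point in the thread above, that the escaping is what you want because the attribute value is decoded again before JavaScript reads it, as an added Ruby example (not code from the ticket or from Rails). `attribute_as_seen_by_js` is a hypothetical, simplified stand-in for a browser's attribute parsing, and the prefill data is constructed.

```ruby
require "erb"
require "json"

# Constructed sample: prefill data like the autosuggest case in the ticket.
PREFILL = [{ "value" => 1, "name" => 'Say "hi" <now>' }].freeze

# The five character references ERB::Util.html_escape produces.
ENTITIES = {
  "&lt;" => "<", "&gt;" => ">", "&quot;" => '"', "&#39;" => "'", "&amp;" => "&"
}.freeze

# Build an <input> with the value escaped, as the text_field output in the
# ticket shows ("<script>" becomes "&lt;script&gt;").
def escaped_input(value)
  %(<input data-bar="#{ERB::Util.html_escape(value)}">)
end

# Build the same tag with the raw value (what the ticket asked for).
def raw_input(value)
  %(<input data-bar="#{value}">)
end

# Hypothetical stand-in for a browser: the attribute value ends at the next
# double quote, and character references inside it are then decoded.
def attribute_as_seen_by_js(html)
  raw = html[/data-bar="([^"]*)"/, 1]
  raw.gsub(/&(?:lt|gt|quot|#39|amp);/, ENTITIES)
end

# Escaped JSON survives the trip: script code gets the original string back.
def round_trip(data)
  json = JSON.generate(data)
  JSON.parse(attribute_as_seen_by_js(escaped_input(json)))
end

# Raw JSON does not: the first " inside the JSON closes the attribute.
def raw_is_truncated?(data)
  json = JSON.generate(data)
  attribute_as_seen_by_js(raw_input(json)) != json
end
```
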


Tickets have moved to GitHub

The new ticket tracker is available at https://github.com/rails/rails/issues
