-
Notifications
You must be signed in to change notification settings - Fork 215
-
Notifications
You must be signed in to change notification settings - Fork 215
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug: Remote javascript with " is not executed #89
Comments
Btw, the following workaround works for me (at least I have not found any issues with it yet, though it may cause problems):
But it works only in my particular case and that is not a universal solution. |
I went deeper into this and it seems like the actual hacky fix is gsub, but not replacement of
|
I came across similar thing. But I think this is not related to rails or remotipart but to the jquery.iframe-transport. As you mentioned:
So what happens is that reponse arrives to the browser with html entity (like This is my example response from server that causes the error:
|
@asok @JangoSteve I think another way out is to escape html entities differently in remotipart's lib/remotipart/render_overrides.rb, but I'm not sure if it's possible. I mean escape
as
this is exactly what I do with the above mentioned piece of code:
|
my only solution is to close <textarea> and open an other. It's works but it's not very sexy XD </textarea>
<script>
alert('it work');
</script>
<textarea> but Jquery is not recognized...
|
Is there a test someone could write for this by any chance? The tests for remotipart are located here. |
This is definitely a problem today, workaround mentioned by dhampik works. |
Ugly workaround, but I appreciate it. Thank you gentlemen. |
I have a similar issue when uploading a file. Apostrophes in my javascript are encoded as html entities, but the JS doesn't execute when embedded in the texteara. Via a normal form save, the javascript executes fine though. // the text of the option when rendered should be test'string
$element.html('<option value=\"912\">test'string<\/option>'); |
If the javascript contains or (newline characters) is also fails to execute the JS properly. Does anybody have a more reliable solution to dealing with all of these html entities that cause problems? |
This seems to work at the moment... template_html = render('template')
template_html = template_html.gsub(''',"'").gsub('&','&') if remotipart_submitted?
escaped_html = j(template_html) |
Still no fix for this? Can't make it work with HAML. |
Hi @JangoSteve, |
Just to chime in, I'm having trouble with this bug as well. Jquery-rails 2.3.0 and the latest Remotipart. I've read thread after thread about this error, and all I've found are messy workarounds. |
Got the same issue. When I change "can't" to "can not" (string without apostrophe) in |
<% if remotipart_submitted? %> that worked for me ! Thank you! |
I like panSarin solution, thank you! less code than gsub, not sure about perfomance though. I really hope this nasty glitch will be fixed in future version of remotipart. |
@JangoSteve you haven't participated to this conversation since 2013, are you still participating to remotipart? Thanks in advance |
@randoum You're right, life seems to be getting in the way. Is there a pull request anyone has submitted for this that I could look at and merge in? |
@JangoSteve Nop there's no pull request, I was about to submit one, then I decided to go another direction. |
That would be awesome, if anyone wants to volunteer. |
*I should mention, I do have someone else who's helping maintain the project, though I think they got a bit busy themselves. Looks like @esbanarango is back in action 😄 |
@randoum Could you go ahead and make that PR? I'll check as soon as possible. |
Sorry @esbanarango I already migrated my code to use another solution, so I don't have an experimentation zone anymore |
$('.form-wrapper').html("<%= j "#{render('form')}" %>"); This solution worked well for me. |
+1 for string interpolation:
|
Thanks guys, this workes
|
My initial solution was the following <% if remotipart_submitted? %>
$(".form-wrapper").html("<%= j "#{render 'form' %>");
<% else %>
$(".form-wrapper").html("<%= j render 'form' %>");
<% end %> Which led me to the creation of the following monkey patch: # config/initializers/remotipart_escape_javascript_patch.rb
if defined?(Remotipart)
module Remotipart
module EscapeJavascriptFix
def escape_javascript(javascript)
if remotipart_submitted?
super("#{javascript}")
else
super
end
end
alias_method :j, :escape_javascript
end
end
ActiveSupport.on_load :action_view do
ActionView::Base.send(:include, Remotipart::EscapeJavascriptFix)
end
end Now you can simply do: $(".form-wrapper").html("<%= j render 'form' %>"); I would be happy to make a PR for this. Also if help is needed for maintaining this plugin I am interested. |
For anyone else using |
I'm using remotipart gem in conjuction with nested_form gem.
And javascript response from the server (which is inside form.js.erb) is not executed.
I studied how remotipart works and did a lot of debugging and found out the root of evil.
Unfortunately I don't know how to fix it.
So, here is the case:
The above javascript response from the server will not be executed on the client! Because there is
"
symbol!And this is exactly what happens if you are using remotipart+nested_form. Nested form gem produces a piece of html with data-attribute on hidden div which contains the template for newly created items which added with javascript. And this template contains
"
symbol.Why this is happening with remotipart?
I guess, because it wraps actual javascript in
<textarea>
tag and when this textarea contents are extracted by javascript the"
symbols are converted into "The text was updated successfully, but these errors were encountered: