I have this line in a javascript block in a page:
res = foo('<%= @ruby_var %>');
What is the best way to handle the case where @ruby_var has a single-quote in it? Else it will break the js code.
views:
907answers:
5
+1
A:
@ruby_var.gsub(/[']/, '\\\\\'')
That will escape the single quote with an apostrophe, keeping your Javascript safe!
Also, if you're in Rails, there are a bunch of Javascript-specific tools.
Max
2008-09-20 00:13:10
What if there was a \ already in the code? You need to escape \ before you escape '.
2008-09-20 00:26:41
i think bentilly is right
Yoni Baciu
2008-09-20 00:34:23
yeah, to handle bentilly's case you need: `@ruby_var.gsub(/['\\]/, '\\\\\0')`
rampion
2008-09-20 13:41:09
+5
A:
I think I'd use a ruby JSON library on @ruby_var to get proper js syntax for the string and get rid of the '', fex.:
res = foo(<%= @ruby_var.to_json %>)
(after require "json"'ing, not entirely sure how to do that in the page or if the above syntax is correct as I havn't used that templating language)
(on the other hand, if JSON ever changed to be incompatible with js that'd break, but since a decent amount of code uses eval() to eval json I doubt that'd happen anytime soon)
TFKyle
2008-09-20 00:29:09
Rails already comes with String#to_json, so you don't even need to include any libraries: http://api.rubyonrails.com/classes/Object.html#M000022
nertzy
2008-10-11 21:54:45
+1
A:
Could you just put the string in a double-quote?
res = foo("<%= @ruby_var %>");
Toby Hede
2008-09-20 02:24:45
A:
I don't work with embedded Ruby too much. But how about using p (which invokes inspect) instead of <%= which might be doing something like print or puts. p always prints the string as if it were code wrapped in double quotes:
>> p "String ' \" String"
"String ' \" String"
# => nil
>> p 'alpha " \' alpha'
"alpha \" ' alpha"
# => nil
Joseph Pecoraro
2008-09-20 15:06:16
+1
A:
You can also use inspect assuming you know it'll be a single quote:
res = foo(<%= @ruby_var.inspect %>);
Caged
2008-10-10 17:34:53