I am working on a rails project. Using the tag observe_field, I am taking text typed into a text area, processing it in a controller, and displaying the result in a div (very similar to the preview in stack overflow). Everything works fine until I type certain special chars.

  1. ? => causes the variable not to be found in the params object
  2. (pound) => causes an invalid authenticity error
  3. % => stops the div from being updated
  4. & => everything after the & is no longer passed into the variable on the server.

Is there a way to solve this?

--- code sample ---

This is the view ('postbody' is a text area):

<%= observe_field 'postbody', 
        :update => 'preview', 
        :url => {:controller => 'blog', :action => 'textile_to_html'},
        :frequency => 0.5,
        :with => 'postbody' -%>

This is the controller that is called:

def textile_to_html
    text = params['postbody']
    if text == nil then 
        @textile_to_html = '<br/>never set'
    else 
        # RedCloth converts the Textile markup into HTML
        r = RedCloth.new text
        @textile_to_html = r.to_html
    end 
    # render the partial without the application layout so only the preview HTML is returned
    render :layout => false 
end

And this is the JavaScript that is created:

new Form.Element.Observer('postbody', 0.5, function(element, value) {new Ajax.Updater('preview', '/blog/textile_to_html', {asynchronous:true, evalScripts:true, parameters:'postbody=' + value + '&authenticity_token=' + encodeURIComponent('22f7ee12eac9efd418caa0fe76ae9e862025ef97')})})

A: 

Can you provide a code sample?

More likely than not you'll just need to escape your HTML entities using encodeURI or something like that.

Orion Edwards
A: 

What does the generated JavaScript look like?

Sounds (at first glance) like it's not being escaped.

nikz
+3  A: 

This is an escaping issue (as stated by others).

You'll want to change your observe_field :with statement to something like:

  :with => "'postbody=' + encodeURIComponent(value)"

Then in your controller:

def textile_to_html
  text = URI.unescape(params['postbody'])
  ...
waldo
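The mechanism behind the accepted answer, as an added example that is not part of the question or any answer: it builds the parameter string the way the generated Prototype code does and the way the fixed :with does, then runs both through a small query parser written here to model how a server decodes &, # and % (the token value is a constructed placeholder).

```javascript
// Added example, not code from the question or the answers: builds the Ajax
// parameter string two ways and parses each with a small query parser that
// models the three decoding rules behind the reported symptoms ('&' separates
// pairs, '#' starts a fragment, '%' starts a percent-escape).
const TOKEN = 'constructed-placeholder-token'; // stands in for the real authenticity token

// What the generated observe_field code does: the textarea value is concatenated raw.
function buildRawParams(value) {
  return 'postbody=' + value + '&authenticity_token=' + encodeURIComponent(TOKEN);
}

// What the accepted answer's :with => "'postbody=' + encodeURIComponent(value)" produces.
function buildEncodedParams(value) {
  return 'postbody=' + encodeURIComponent(value) + '&authenticity_token=' + encodeURIComponent(TOKEN);
}

// Minimal application/x-www-form-urlencoded parser. Anything after '#' is treated
// as a URL fragment and dropped, pairs are split on '&', '+' means space, and a
// malformed percent-escape (a bare '%') throws, as a server-side decoder would.
function parseParams(query) {
  const params = {};
  for (const pair of query.split('#')[0].split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const key = eq === -1 ? pair : pair.slice(0, eq);
    const raw = eq === -1 ? '' : pair.slice(eq + 1);
    params[decodeURIComponent(key)] = decodeURIComponent(raw.replace(/\+/g, ' '));
  }
  return params;
}

// True when both the textarea text and the token survive the round trip intact.
function roundTrips(build, value) {
  try {
    const params = parseParams(build(value));
    return params.postbody === value && params.authenticity_token === TOKEN;
  } catch (e) {
    return false; // URIError from a bad escape: the server errors and the div is never updated
  }
}

// Constructed inputs reproducing the '&', '#' and '%' cases from the question.
const SAMPLES = ['a & b', 'tag #1', '100% done'];

function compare() {
  return SAMPLES.map((v) => ({ value: v, raw: roundTrips(buildRawParams, v), encoded: roundTrips(buildEncodedParams, v) }));
}

console.log(compare());
```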