The escape_javascript method in ActionView escapes the apostrophe ' as backslash apostrophe \', which gives errors when parsing as JSON.
ActionView中的escape_javascript方法转义撇号' as backslash apostrophe \',它将在解析JSON时出错。
For example, the message "I'm here" is valid JSON when printed as:
例如,“我在这里”的消息打印为:
{"message": "I'm here"}
But, <%= escape_javascript("I'm here") %> outputs "I\'m here", resulting in invalid JSON:
但是,<%= escape_javascript("I'm here") %>输出"I\'m here",导致无效JSON:
{"message": "I\'m here"}
Is there a patch to fix this, or an alternate way to escape strings when printing to JSON?
是否有补丁可以修复这个问题,或者在打印到JSON时有另一种转义字符串的方法?
4 个解决方案
#1
10
Just call .to_json on a string and it will be escaped properly e.g.
只要在字符串中调用.to_json,它就会被正确地转义。
"foo'bar".to_json
#2
6
I ended up adding a new escape_json method to my application_helper.rb, based on the escape_javascript method found in ActionView::Helpers::JavaScriptHelper:
最后我向我的application_helper添加了一个新的escape_json方法。rb,基于ActionView中发现的escape_javascript方法::helper:::
JSON_ESCAPE_MAP = {
'\\' => '\\\\',
'</' => '<\/',
"\r\n" => '\n',
"\n" => '\n',
"\r" => '\n',
'"' => '\\"' }
def escape_json(json)
json.gsub(/(\\|<\/|\r\n|[\n\r"])/) { JSON_ESCAPE_MAP[$1] }
end
Anyone know of a better workaround than this?
有谁知道有比这个更好的方法吗?
#3
5
I had some issues similar to this, where I needed to put Javascript commands at the bottom of a Rails template, which put strings into jQuery.data for later retrieval and use.
我有一些类似的问题,我需要在Rails模板的底部放置Javascript命令,将字符串放入jQuery。用于以后检索和使用的数据。
Whenever I had a single-quote in the string I'd get a JavaScript error on loading the page.
每当我在字符串中有一个单引号时,就会在加载页面时得到一个JavaScript错误。
Here is what I did:
我所做的是:
-content_for :extra_javascript do
:javascript
$('#parent_#{parent.id}').data("jsonized_children", "#{escape_javascript(parent.jsonized_children)}");
#4
3
May need more details here, but JSON strings must use double quotes. Single quotes are okay in JavaScript strings, but not in JSON.
这里可能需要更多细节,但是JSON字符串必须使用双引号。单引号在JavaScript字符串中是可以的,但在JSON中是不行的。
#1
10
Just call .to_json on a string and it will be escaped properly e.g.
只要在字符串中调用.to_json,它就会被正确地转义。
"foo'bar".to_json
#2
6
I ended up adding a new escape_json method to my application_helper.rb, based on the escape_javascript method found in ActionView::Helpers::JavaScriptHelper:
最后我向我的application_helper添加了一个新的escape_json方法。rb,基于ActionView中发现的escape_javascript方法::helper:::
JSON_ESCAPE_MAP = {
'\\' => '\\\\',
'</' => '<\/',
"\r\n" => '\n',
"\n" => '\n',
"\r" => '\n',
'"' => '\\"' }
def escape_json(json)
json.gsub(/(\\|<\/|\r\n|[\n\r"])/) { JSON_ESCAPE_MAP[$1] }
end
Anyone know of a better workaround than this?
有谁知道有比这个更好的方法吗?
#3
5
I had some issues similar to this, where I needed to put Javascript commands at the bottom of a Rails template, which put strings into jQuery.data for later retrieval and use.
我有一些类似的问题,我需要在Rails模板的底部放置Javascript命令,将字符串放入jQuery。用于以后检索和使用的数据。
Whenever I had a single-quote in the string I'd get a JavaScript error on loading the page.
每当我在字符串中有一个单引号时,就会在加载页面时得到一个JavaScript错误。
Here is what I did:
我所做的是:
-content_for :extra_javascript do
:javascript
$('#parent_#{parent.id}').data("jsonized_children", "#{escape_javascript(parent.jsonized_children)}");
#4
3
May need more details here, but JSON strings must use double quotes. Single quotes are okay in JavaScript strings, but not in JSON.
这里可能需要更多细节,但是JSON字符串必须使用双引号。单引号在JavaScript字符串中是可以的,但在JSON中是不行的。