本文介绍了如何逃避,同时渲染js.coffee文件以响应操作的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个控制器操作,响应一个.js.coffee文件,这应该是在我的版本的Rails 3.2.12支持。问题是解析中的某些东西允许用户提供的数据导致javascript失败。我已经简化了这样的示例:



action.js.coffee文件:

 code> $('my_container')。append(<%= j render(:partial =>'my_partial')%>)

my_partial.html.erb文件只包含一行不应插入的行:

 #{这不应该被评估}
  $('my_container')。append(\+ ))+\\\\
\\\
);

哇!到底是怎么回事?我可以通过删除.coffee的文件名,但这似乎是一个bug与Rails解决这个问题。

解决方案

通过更改js.coffee文件中的双引号解决了问题,但我仍然不确定它的一个错误。希望这将帮助别人!



已更改:



$('my_container' ).append(<%= j render(:partial =>'my_partial')%>)



/ p>


$('my_container')。append('<%= j render(:partial =>'my_partial') %>')


I have a controller action that responds with a .js.coffee file, which is supposed to be supported in my version of Rails 3.2.12. The problem is that something in the parsing is allowing user provided data to cause the javascript to fail. I've simplified the example like this:

action.js.coffee file:

$('my_container').append("<%= j render(:partial => 'my_partial') %>")

my_partial.html.erb file contains just one line that should NOT be interpolated:

"#{this should not be evaluated}"

The javascript that actually gets rendered

$('my_container').append("\"" + (this(should(!be(evaluated)))) + "\"\n\n");

Whoa! What is going on? I can fix the problem by dropping the .coffee off of the filename, but this seems like a bug with Rails?

解决方案

I solved the problem by changing the double quotes in the js.coffee file, but I'm still not sure its a bug. Hopefully this will help someone else!

Changed:

$('my_container').append("<%= j render(:partial => 'my_partial') %>")

to

$('my_container').append('<%= j render(:partial => 'my_partial') %>')

这篇关于如何逃避,同时渲染js.coffee文件以响应操作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-10 12:44