Dan Rubio Dan Rubio - 1 year ago 121
Javascript Question

How can I unescape and remove quot; from data served by rails into javascript

This question has been asked a few times on stackoverflow but I've yet to find a way how to unescape double quotes from a rails instance variable that I am trying to serve up in order for my highcharts to make use in my respective


Here is the code that I have:

class FooController < ApplicationController
def foo
@foo_bar = @foo.map { |f| f.version }

instance variable should return
. Instead I keep getting this
[&quot;1.2.3&quot;, &quot;3.0quot;,quot;4.5quot]
; and I can't seem to remove this. I've tried using Rail's
method but it still doesn't work. I've tried
and that didn't work either. Lastly, I tried to
the quotes and manually replace them with
and that didn't work either. Why won't the double quotes escape and how can I get this at the root of the problem? I've tried to solve this both server and client side but to no avail. Does anyone have anymore suggestions?

Answer Source

You're inlining data that's being treated as HTML "unsafe", so you have to declare it as safe in your template.

<%= @foo_bar.to_json.html_safe %>

Note that when you declare something as "safe" that means you're confident you're not exposing yourself to XSS attacks because you're using some other escape method. In your case make sure you're emitting properly escaped JavaScript or JSON.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download