Safely Passing Ruby Variables to JavaScript in ERB – code.dblock.org | tech blog
01-Nov-2024
A user reported a bug in Slava, a bot that syncs Strava activities to Slack, where they couldn’t subscribe to the paid version because their Slack team name contained a quote. That was a rookie mistake on my part in HTML escaping that almost cost me $9.99. Interestingly, it required a rather non-trivial fix.
The bot’s code extensively uses ERB, the standard Ruby templating system. The implementation attempts to render a team name in bold. The recommended way to do this is to combine .html_safe with the displayed value.
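The failure mode described above, as an added example that is not code from the original post or from the bot: it uses only Ruby's standard-library ERB and JSON (no Rails auto-escaping is assumed), and the names TEAM_NAME, js_literal and render, the two templates and the sample team name are hypothetical.

```ruby
require 'erb'
require 'json'

# Constructed sample input: a team name containing quotes and markup.
TEAM_NAME = %q(Joe's "Fast" Runners </script>)

# Naive template: the raw value is interpolated into a JS string literal,
# so a double quote in the name ends the literal early.
UNSAFE_TEMPLATE = %q(<script>var team = "<%= name %>";</script>)

# Safer template: the value is serialized to a JS literal before insertion.
SAFE_TEMPLATE = %q(<script>var team = <%= js_literal(name) %>;</script>)

# Serialize a Ruby value as a JS literal that is safe inside <script>.
# JSON.generate escapes quotes and backslashes; the gsub rewrites <, >, &
# and the U+2028/U+2029 line separators as \uXXXX escapes, so the HTML
# parser never sees a literal "</script>" inside the value.
def js_literal(value)
  JSON.generate(value).gsub(/[<>&\u2028\u2029]/) { |c| format('\u%04x', c.ord) }
end

# Render a template with `name` (and js_literal) visible to it.
def render(template, name)
  ERB.new(template).result(binding)
end

if __FILE__ == $PROGRAM_NAME
  puts render(UNSAFE_TEMPLATE, TEAM_NAME) # broken literal, early </script>
  puts render(SAFE_TEMPLATE, TEAM_NAME)   # one well-formed string literal
end
```

In a Rails view the same job is done by the framework's own helpers, such as `to_json` combined with `json_escape`, or `escape_javascript`.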