I currently have a simple method in my application_helper.rb file, which is designed to add a link that will add some a new field to a form when clicked. It looks like:
def link_to_add_fields(type, object_form_builder)
link_to type, "#", "data-partial" => h(render(:partial => type + '/form',
:locals => {type.singularize.to_sym => object_form_builder,
:form_actions_visible => false})),
:class => 'add_fields'
end
I'm having a problem with this code, namely that the partial that should be getting added to the data-partial html attribute is being escaped (presumably by quotes somewhere in the rendered html). I was of the understanding that h() should prevent this, but it doesn't seem to be doing so. Can anyone suggest how to escape this?
EDIT: I tried using the html_safe method as described below, but to no avail. I have managed to get it to escape by doing:
"data-partial" => "'" + render(:partial => type + '/form', :locals => {type.singularize.to_sym => object_form_builder, :form_actions_visible => false}) + "'"
but i'm not sure how safe this is?
EDIT 2: escaping using single quotes is no good - although it escapes the html, it outputs the quotes when the partial is rendered, which is not desirable. Still looking for any ideas on how to escape the html successfully when rendering the partial.
Try an .html_safe method
def link_to_add_fields(type, object_form_builder)
link_to type, "#", "data-partial" => h(render(:partial => type + '/form',
:locals => {type.singularize.to_sym => object_form_builder,
:form_actions_visible => false})).html_safe,
:class => 'add_fields'
end
Related
I am replacing some Spree core template code with Deface and it all works well until I try to make it a bit more custom.
Deface::Override.new(
:virtual_path => "spree/shared/_products",
:replace => "span.price",
:text => "<%= link_to truncateproduct.display_price + '<span class=\"purchase-suggestion\">BUY NOW</span>', :length => 20), product, :class => 'price selling', :itemprop => \"price\", :title => product.name + ': ' + product.display_price %>",
:name => "product_price"
)
Above I am aiming to make the price text a link, and also include a 'BUY NOW' text wrapped in a span for individual styling purpose.
This renders this way:
$15.99<span class="purchase-suggestion">BUY NOW</span>
How can I make Deface evaluate the HTML instead of writing the string?
I have tried doing this in two steps by making two different Deface files, one where I swap the span for the link, and another where I add the span to :insert_bottom. It seems to me it is not possible to use Deface to change the same element twice - is this correct?
Solution
Thanks for answer and conversation in channel. This is the solution:
Deface::Override.new(
:virtual_path => "spree/shared/_products",
:replace => "span.price",
:text => "<%=
link_to ('<span>' + product.display_price + '</span> <span class=\"purchase-suggestion\">BUY NOW</span>').html_safe, product,
:class => 'price selling',
:itemprop => 'price',
:title => product.name + ': ' + product.display_price
%>",
:name => "product_price"
)
.truncate was used for no reason, .html_safe did the job.
Your issue here is with truncate. The result is not marked as HTML-safe, so will be subject to the default escaping when used in views, unless wrapped by raw(). Care should be taken if text contains HTML tags or entities, because truncation may produce invalid HTML (such as unbalanced or incomplete tags).
http://apidock.com/rails/ActionView/Helpers/TextHelper/truncate
I have a tooltip that use this html attribute "original-title".
I have tryed this:
content_tag(:span, '', :class => options[:pinfo_class], :original-title => options[:pinfo])
But it gives a error in view.
Then I have used this which works, but not with the tooltip.
content_tag(:span, '', :class => options[:pinfo_class], :original_title => options[:pinfo])
How do I force rails to use the :original-title ?
You can use a string as a hash key, like 'original-title' => options[:pinfo]. Should work.
Also, most strings can be converted to symbols via 'some-string'.to_sym method, or even defined as :'some-string'.
i am trying to call a remote method to update page content via ajax/js.
either i am too tired already or haml is not parsing the following code correctly to send the value of the query field via prototype. any ideas?
- form_remote_tag(:url => {:controller => "search", :action => "line"},:with => "'query=' + $('query').value" ) do
%input{:type => 'text', :id => 'query'}
%input{:type => 'submit', :value => 'Search'}
thanks a lot!
t
Have you tried a
= form_remote_tag
instead of
- form_remote_tag
I'm new to HAML myself but I was under the impression that you'll need the form tag to be actually generated not just executed...
Try passing the :with as part of the options hash.
- form_remote_tag({ :url => {:controller => "search", :action => "line"}, :with => "'query=' + $('query').value" }) do
If that doesn't work, debug the problem: Look at the generated html. Is the text field with id query the only element in the page with that id? Is the js code correct? Use the Firebug console to ensure $('query').value returns whatever you've entered into the text field.
Still stuck? Add your generated html into your question so we can better help.
EDIT: Your query input tag does not have a name attribute. Without a name, the javascript helper code skips that field when serializing the form fields...also, you do not need the :with code.
%input{:type => 'text', :id => 'query', :name => 'query'}
Is it possible to use the :with option with remote_form_for?
It works with link_to_remote, and the api docs seems to indicate :with should work with any of the remote_ methods.
Here is the code I'm using, and output it's producing:
Link_to_remote (works):
= link_to_remote 'ARGH', {:url => {:action => 'load_item', :id => #policy.id} , :with => "'elephant=mouse'"}
arg
Remote_form_for (doesn't work)
= remote_form_for :policy, #policy, :url => {:action => 'load_item', :id => #policy.id} , :with => "'elephant=mouse'" do |f|
<form action="http://localhost:3000/quote_edit/load_item/5" method="post" onsubmit="new Ajax.Request('http://localhost:3000/quote_edit/load_item/5', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;">
Does anyone know how to make remote_form_for pick up on this option?
Or is it being ignored by remote_form_for as it needs to use parameters:Form.serialize(this) to pick up the values from the current form?
Cheers
Dave Smylie
I had the same problem when I wanted to use javascript to calculate the id of the url.
Researched the source code and determined that remote forms and submits don't seem to allow the :with statement to work.
I got around this using a hidden field called overridden_id on the form. Then in the :before option, I added javascript to set the hidden fields value.
Inside the controller I added "params[:overriden_id] || parmam[:id]" to my Find to override the default id passed into the url.
I am working on a rails project. Using the tag observe_field, I am taking text typed into a text area, processing it in a control, and displaying the result in a div (very similar to the preview in stack overflow). Everything works fine until I type certain special chars.
? => causes the variable not to be found in the params object
(pound) => causes an invalid authenticity error
% => stops the div from being updated
& => every thing after the & is no longer passed into the variable on the server.
Is there a way to solve this?
--- code sample ---
this is the view. ( 'postbody' is a text area)
<%= observe_field 'postbody',
:update => 'preview',
:url => {:controller => 'blog', :action => 'textile_to_html'},
:frequency => 0.5,
:with => 'postbody' -%>
this is the controller that is called
def textile_to_html
text = params['postbody']
if text == nil then
#textile_to_html = '<br/>never set'
else
r = RedCloth.new text
#textile_to_html = r.to_html
end
render :layout => false
end
and this is the javascript that is created:
new Form.Element.Observer('postbody', 0.5, function(element, value) {new Ajax.Updater('preview', '/blog/textile_to_html', {asynchronous:true, evalScripts:true, parameters:'postbody=' + value + '&authenticity_token=' + encodeURIComponent('22f7ee12eac9efd418caa0fe76ae9e862025ef97')})})
This is an escaping issue (as stated by others).
You'll want to change your observe_field :with statement to something like:
:with => "'postbody=' + encodeURIComponent(value)"
Then in your controller:
def textile_to_html
text = URI.unescape(params['postbody'])
...
Can you provide a code sample?
More likely than not you'll just need to escape your HTML entities using encodeuri or something like that.
What does the generated Javascript look like?
Sounds (at first glance) like it's not being escaped.