17

I am having problems when trying to use a rails variable within javascript code.

For example, I might define a link_to_remote, with parameter :complete => "alert('my_var');"

If my_var = "I'm testing.", then the javascript code will break due to the single quote closing the code prematurely. If I try using escape_javascript(my_var) so that the quote gets turned into \', it doesn't seem to fix the problem.

I've noticed that when you try alert('I\'m testing'); there's a problem, but if you do alert('I\\'m testing'), it works. Since escape_javascript only turns ' into \', rather than \\', does somebody have a suggestion for how to handle this?

Thanks! Eric

Improve this question

1 Answer 1

Reset to default
30

when you try alert('I\'m testing'); there's a problem

Backslash is also an escape in Ruby strings! So the string literal:

"alert('I\'m testing');"

means the string:

alert('I'm testing');

the backslash is gone already before JavaScript gets a look at it. When you are writing a JavaScript string literal inside a Ruby string literal you need to escape the escape, \\, to get a real \ that will then, in JavaScript, escape the apostrophe.

escape_javascript correctly generates the backslash for JavaScript, if a backslash was included in its input. But again, if you're writing a string literal, you have to escape the backslash to get a real backslash:

escape_javascript("\b")     -> this is a backspace character!
escape_javascript("\\b")    -> this is backslash-then-letter-b;
                               escaped for JavaScript literal to double-backslash-then-b.

So, this is fine:

"'"+escape_javascript(myvar)+"'"

alternatively, you can use a JSON encoder to create the JavaScript string literal including the surrounding quotes.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

it has also a simple "j" alias: "'"+j(myvar)+"'"
A note for recent readers: as of rails 3.2 (and perhaps before) the method is escape_javascript and not javascript_escape

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.