Hey there,
[EMAIL PROTECTED] a écrit :
> No. It's not sufficient for the above example.
> You can repeat this example using String#inspect and you will get
> javascript error.
That's because inspect retains a backwards-compatible behavior which has
it use single quotes (and therefore escape single quotes) by default,
and use double quotes (therefore escaping them) if you pass it true.
So the following line fixes your example:
var src = "<a href='javascript:alert(" + message.inspect(true) +
");'>Hello</a>";
I should add that I hope this code was just for example purposes. I
mean, javascript: href's... Yewh! :-)
--
Christophe Porteneuve aka TDD
[EMAIL PROTECTED]
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Spinoffs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs?hl=en
-~----------~----~----~----~------~----~------~--~---
