On May 31, 8:24 pm, Mk 27 <[email protected]> wrote:
> After googling for a bit I now believe that you simply *cannot* put erb
> tags in a .js file.
>
Normal js files are just served as-is (and if you have set things up
right never even touch rails at all (ie they are server directly by
nginx or apache)).
if you have an action that renders a .js.erb template you'll get what
you want.
> I managed to get around this by rewriting the DOM as html and putting it
> in a partial, such that the (different) onclick that was supposed to
> call a js function with erb in it now calls an erb function with a js
> function in it...
>
> <span onclick="<%= remote_function(:update => "dropinner",
> :url => { :action=>:rendpart, :part=>"addmenu" },
> :success => "new Effect.BlindDown('dropmenu')")%>">
>
> but if anyone knows how to do what I have in the OP, please lemme know
> for future reference.
>
> Also, is there a way to call "render" from within remote_function(:url
> => {}) so I can skip the controller function that calls render?
Nope. remote_function just generates a blob of javascript that calls
an appropriate controller action
>
> def rendpart
> render :partial => params[:part]
> end
I have a sneaking suspicion that would allow an attacker to read any
file on your hard disk (by passing the absolute path to the file as
params[:part])
Fred
> --
> Posted viahttp://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
