Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure response_body is escaped in html_example template #148

Merged
merged 1 commit into from
Aug 5, 2014

Conversation

cam-woloshyn
Copy link
Contributor

This commit resolves an issue for HTML documents when the response_body includes HTML markup.

For example, if response_body = {"email":"[email protected]","name":"<h1>Order 1</h1>","paid":true}
the generated HTML page won't escape the HTML, and <h1>Order 1</h1> will be rendered as a Heading 1. This is so because the mustache template renders the response_body using triple curly braces rather than double curly braces. Triple curly braces were introduced to pretty print the JSON. But this functionality was later removed, and I can't see why triple braces are still needed.

(Note: this issue only affects Rails 3 but not Rails 4 apps. I'm not certain why, but I believe it has to do with the changes to JSON handling (see release notes). This patch should be a transparent change for Rails 4 apps.)

oestrich added a commit that referenced this pull request Aug 5, 2014
Ensure response_body is escaped in html_example template
@oestrich oestrich merged commit 13cdb46 into zipmark:master Aug 5, 2014
@oestrich
Copy link
Contributor

oestrich commented Aug 5, 2014

Thanks, especially for researching what broke!

@cam-woloshyn cam-woloshyn deleted the escapeHTML branch August 5, 2014 18:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants