fix issue #393
This commit is contained in:
Didier Lafforgue
parent
6342b94ede
commit
662e359acb
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
- content_for :backbone_view_data do
|
- content_for :backbone_view_data do
|
||||||
:plain
|
:plain
|
||||||
content_entry: #{@content_entry.to_json}
|
content_entry: #{j @content_entry.to_json.html_safe}
|
||||||
|
|
||||||
= f.inputs :name => :attributes do
|
= f.inputs :name => :attributes do
|
||||||
- @content_type.ordered_entries_custom_fields.each_with_index do |field, index|
|
- @content_type.ordered_entries_custom_fields.each_with_index do |field, index|
|
||||||
|
|||||||
@ -3,8 +3,8 @@
|
|||||||
|
|
||||||
- content_for :backbone_view_data do
|
- content_for :backbone_view_data do
|
||||||
:plain
|
:plain
|
||||||
content_type: #{@content_type.persisted? ? @content_type.to_json : 'null'},
|
content_type: #{j @content_type.persisted? ? @content_type.to_json.html_safe : 'null'},
|
||||||
inverse_of_list: #{options_for_content_type_inverse_of.to_json}
|
inverse_of_list: #{j options_for_content_type_inverse_of.to_json.html_safe}
|
||||||
|
|
||||||
= f.inputs :name => :information do
|
= f.inputs :name => :information do
|
||||||
|
|
||||||
|
|||||||
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
- content_for :backbone_view_data do
|
- content_for :backbone_view_data do
|
||||||
:plain
|
:plain
|
||||||
site: #{@site.to_json(:current_account => current_locomotive_account, :current_site => current_site)},
|
site: #{j @site.to_json(:current_account => current_locomotive_account, :current_site => current_site).html_safe},
|
||||||
errors: #{@site.errors.to_json}
|
errors: #{@site.errors.to_json}
|
||||||
|
|
||||||
= f.inputs :name => :information do
|
= f.inputs :name => :information do
|
||||||
|
|||||||
@ -38,4 +38,4 @@
|
|||||||
|
|
||||||
- content_for :backbone_view_data do
|
- content_for :backbone_view_data do
|
||||||
:plain
|
:plain
|
||||||
, all_#{name}_entries: #{target_content_type.list_or_group_entries.to_json(:depth => 1)}
|
, all_#{name}_entries: #{j target_content_type.list_or_group_entries.to_json(:depth => 1).html_safe}
|
||||||
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
- content_for :backbone_view_data do
|
- content_for :backbone_view_data do
|
||||||
:plain
|
:plain
|
||||||
account: #{@account.to_json}
|
account: #{j @account.to_json.html_safe}
|
||||||
|
|
||||||
- content_for :submenu do
|
- content_for :submenu do
|
||||||
= render_cell 'locomotive/settings_menu', :show
|
= render_cell 'locomotive/settings_menu', :show
|
||||||
|
|||||||
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
- content_for :backbone_view_data do
|
- content_for :backbone_view_data do
|
||||||
:plain
|
:plain
|
||||||
page: #{@page.to_presenter.as_json_for_html_view.to_json}
|
page: #{j @page.to_presenter.as_json_for_html_view.to_json.html_safe}
|
||||||
|
|
||||||
- if can?(:manage, @page)
|
- if can?(:manage, @page)
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@
|
|||||||
window.content_locale = '#{::Mongoid::Fields::I18n.locale}';
|
window.content_locale = '#{::Mongoid::Fields::I18n.locale}';
|
||||||
|
|
||||||
Locomotive.mounted_on = '#{Locomotive.mounted_on}';
|
Locomotive.mounted_on = '#{Locomotive.mounted_on}';
|
||||||
Locomotive.current_site = new Locomotive.Models.Site(#{current_site.to_json});
|
Locomotive.current_site = new Locomotive.Models.Site(#{j current_site.to_json.html_safe});
|
||||||
Locomotive.current_account = new Locomotive.Models.Account(#{current_locomotive_account.to_json});
|
Locomotive.current_account = new Locomotive.Models.Account(#{j current_locomotive_account.to_json.html_safe});
|
||||||
|
|
||||||
$(document).ready(function() {
|
$(document).ready(function() {
|
||||||
|
|
||||||
|
|||||||
@ -19,8 +19,8 @@
|
|||||||
window.locale = '#{I18n.locale}';
|
window.locale = '#{I18n.locale}';
|
||||||
window.content_locale = '#{::Mongoid::Fields::I18n.locale}';
|
window.content_locale = '#{::Mongoid::Fields::I18n.locale}';
|
||||||
|
|
||||||
Locomotive.current_site = new Locomotive.Models.Site(#{current_site.to_presenter.as_json_for_html_view.to_json});
|
Locomotive.current_site = new Locomotive.Models.Site(#{j current_site.to_presenter.as_json_for_html_view.to_json.html_safe});
|
||||||
Locomotive.current_account = new Locomotive.Models.Account(#{current_locomotive_account.to_json});
|
Locomotive.current_account = new Locomotive.Models.Account(#{j current_locomotive_account.to_json.html_safe});
|
||||||
|
|
||||||
$(document).ready(function() {
|
$(document).ready(function() {
|
||||||
|
|
||||||
|
|||||||
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
- content_for :backbone_view_data do
|
- content_for :backbone_view_data do
|
||||||
:plain
|
:plain
|
||||||
snippet: #{@snippet.persisted? ? @snippet.to_presenter.as_json_for_html_view.to_json : 'null'}
|
snippet: #{j @snippet.persisted? ? @snippet.to_presenter.as_json_for_html_view.to_json.html_safe : 'null'}
|
||||||
|
|
||||||
= f.inputs :name => :information do
|
= f.inputs :name => :information do
|
||||||
= f.input :name, :wrapper_html => { :class => 'highlighted' }
|
= f.input :name, :wrapper_html => { :class => 'highlighted' }
|
||||||
|
|||||||
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
- content_for :backbone_view_data do
|
- content_for :backbone_view_data do
|
||||||
:plain
|
:plain
|
||||||
theme_asset: #{@theme_asset.persisted? ? @theme_asset.to_json : 'null'}
|
theme_asset: #{j @theme_asset.persisted? ? @theme_asset.to_json.html_safe : 'null'}
|
||||||
|
|
||||||
= f.hidden_field :performing_plain_text
|
= f.hidden_field :performing_plain_text
|
||||||
|
|
||||||
|
|||||||
@ -16,11 +16,11 @@
|
|||||||
|
|
||||||
- content_for :backbone_view_data do
|
- content_for :backbone_view_data do
|
||||||
:plain
|
:plain
|
||||||
snippets: #{can?(:manage, Locomotive::Snippet) ? @snippets.map { |snippet| snippet.to_presenter.as_json_for_html_view }.to_json : 'null'},
|
snippets: #{j can?(:manage, Locomotive::Snippet) ? @snippets.map { |snippet| snippet.to_presenter.as_json_for_html_view }.to_json.html_safe : 'null'},
|
||||||
images: #{theme_assets_to_json(@assets[:images])},
|
images: #{j theme_assets_to_json(@assets[:images]).html_safe},
|
||||||
media: #{theme_assets_to_json(@assets[:media])},
|
media: #{j theme_assets_to_json(@assets[:media]).html_safe},
|
||||||
js_and_css_assets: #{can?(:manage, Locomotive::ThemeAsset) ? theme_assets_to_json(@js_and_css_assets) : 'null'},
|
js_and_css_assets: #{j can?(:manage, Locomotive::ThemeAsset) ? theme_assets_to_json(@js_and_css_assets).html_safe : 'null'},
|
||||||
fonts: #{can?(:manage, Locomotive::ThemeAsset) ? theme_assets_to_json(@assets[:fonts]) : 'null'}
|
fonts: #{j can?(:manage, Locomotive::ThemeAsset) ? theme_assets_to_json(@assets[:fonts]).html_safe : 'null'}
|
||||||
|
|
||||||
- content_for :submenu do
|
- content_for :submenu do
|
||||||
= render_cell 'locomotive/settings_menu', :show
|
= render_cell 'locomotive/settings_menu', :show
|
||||||
|
|||||||
@ -12,6 +12,7 @@ require 'locomotive/carrierwave'
|
|||||||
require 'locomotive/custom_fields'
|
require 'locomotive/custom_fields'
|
||||||
require 'locomotive/httparty'
|
require 'locomotive/httparty'
|
||||||
require 'locomotive/action_controller'
|
require 'locomotive/action_controller'
|
||||||
|
require 'locomotive/rails'
|
||||||
require 'locomotive/routing'
|
require 'locomotive/routing'
|
||||||
require 'locomotive/regexps'
|
require 'locomotive/regexps'
|
||||||
require 'locomotive/render'
|
require 'locomotive/render'
|
||||||
|
|||||||
1
lib/locomotive/rails.rb
Normal file
1
lib/locomotive/rails.rb
Normal file
@ -0,0 +1 @@
|
|||||||
|
require 'locomotive/rails/action_view'
|
||||||
9
lib/locomotive/rails/action_view.rb
Normal file
9
lib/locomotive/rails/action_view.rb
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
# http://jfire.io/blog/2012/04/30/how-to-securely-bootstrap-json-in-a-rails-view/
|
||||||
|
class ActionView::Base
|
||||||
|
def json_escape(s)
|
||||||
|
result = s.to_s.gsub('/', '\/')
|
||||||
|
s.html_safe? ? result.html_safe : result
|
||||||
|
end
|
||||||
|
|
||||||
|
alias j json_escape
|
||||||
|
end
|
||||||
Loading…
Reference in New Issue
Block a user