Wednesday, 27 January 2016

Rails sanitize method replaces single quotes with double quotes

The Rails sanitize method replaces single quotes with double quotes when anchor tags are seen.

Example

sanitize("<a href='https://google.com'>google</a>")
=> "<a href=\"https://google.com\">google</a>"

This is problematic because in my application, I'm sanitizing JSON payloads that can contain these strings, which causes the JSON to be malformed.

JSON.parse("{\"link\":\"<a href='https://google.com'>google</a>\"}")
=> {"link"=>"<a href='https://google.com'>google</a>"}

JSON.parse(sanitize("{\"link\":\"<a href='https://google.com'>google</a>\"}"))
=> JSON::ParserError

I don't have any control over the input string. Is there any way to prevent the conversion of single to double quotes?
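An added example, not part of the original post: sanitizing the decoded string values instead of the serialized JSON text, so that `JSON.generate` escapes whatever quotes the sanitizer emits. `REQUOTE` is a constructed stand-in that only mimics the re-quoting shown above, and `sanitize_values`, `sanitize_json` and `valid_json?` are hypothetical helper names.

```ruby
require "json"

# Constructed stand-in for the Rails sanitizer (assumption): it only reproduces
# the attribute re-quoting shown above, href='...' -> href="...".
# In a Rails app, pass e.g. ->(s) { ActionController::Base.helpers.sanitize(s) }.
REQUOTE = ->(html) { html.gsub(/(\w+)='([^']*)'/) { %(#{$1}="#{$2}") } }

# Recursively apply `sanitizer` to every string value (hypothetical helper).
# Keys are left untouched; they name fields rather than carry markup.
def sanitize_values(node, sanitizer)
  case node
  when Hash   then node.transform_values { |v| sanitize_values(v, sanitizer) }
  when Array  then node.map { |v| sanitize_values(v, sanitizer) }
  when String then sanitizer.call(node)
  else node
  end
end

# Parse first, sanitize the decoded strings, then re-encode.
def sanitize_json(raw, sanitizer)
  JSON.generate(sanitize_values(JSON.parse(raw), sanitizer))
end

# True if `text` is well-formed JSON.
def valid_json?(text)
  JSON.parse(text)
  true
rescue JSON::ParserError
  false
end

# Constructed sample payload: the post's link plus a nested array value.
RAW = %q({"link":"<a href='https://google.com'>google</a>","tags":["<b class='x'>t</b>",1]})

if __FILE__ == $PROGRAM_NAME
  puts valid_json?(REQUOTE.call(RAW))   # sanitizing the serialized text breaks it
  puts sanitize_json(RAW, REQUOTE)      # sanitizing decoded values keeps it valid
end
```
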
