Rails escape_javascript creates invalid JSON by escaping single quotes

The escape_javascript method in ActionView escapes the apostrophe ' as backslash apostrophe \', which gives errors when parsing as JSON.

For example, the message "I'm here" is valid JSON when printed as:

{开发者_如何学编程"message": "I'm here"}

But, <%= escape_javascript("I'm here") %> outputs "I\'m here", resulting in invalid JSON:

{"message": "I\'m here"}

Is there a patch to fix this, or an alternate way to escape strings when printing to JSON?

Just call .to_json on a string and it will be escaped properly e.g.

"foo'bar".to_json

I ended up adding a new escape_json method to my application_helper.rb, based on the escape_javascript method found in ActionView::Helpers::JavaScriptHelper:

JSON_ESCAPE_MAP = {
    '\\'    => '\\\\',
    '</'    => '<\/',
    "\r\n"  => '\n',
    "\n"    => '\n',
    "\r"    => '\n',
    '"'     => '\\"' }

def escape_json(json)
  json.gsub(/(\\|<\/|\r\n|[\n\r"])/) { JSON_ESCAPE_MAP[$1] }
end

Anyone know of a better workaround than this?

I had some issues similar to this, where I needed to put Javascript commands at the bottom of a Rails template, which put strings into jQuery.data for later retrieval and use.

Whenever I had a single-quote in the string I'd get a JavaScript error on loading the page.

Here is what I did:

-content_for :extra_javascript do
  :javascript
    $('#parent_#{parent.id}').data("jsonized_children", "#{escape_javascript(parent.jsonized_children)}");

May need more details here, but JSON strings must use double quotes. Single quotes are okay in JavaScript strings, but not in JSON.

Already there is an issue in github/rails https://github.com/rails/rails/issues/8844

Fix to mark the string as html_safe

<%= escape_javascript("I'm here".html_safe) %>

or even better you can sanitize the string

<%= sanitize(escape_javascript("I'm here")) %>
<%= escape_javascript(sanitize("I'm here")) %>