spree / deface

Rails plugin that allows you to customize ERB views in a Rails application without editing the underlying view.
MIT License

a javascript error is reported on all overridden pages containing javascript with characters (>,&,<) #229

Open mathieu-mbru opened 2 years ago

mathieu-mbru commented 2 years ago

Replace source = doc.to_s with source = doc.to_s.gsub('&lt;', '<').gsub('&gt;', '>').gsub('&amp;', '&') to transform the encodings.

nanego commented 2 years ago

A more generic solution may be this one. Can you please give it a try?

-        source = doc.to_s
+        source = CGI.unescapeHTML doc.to_s
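Review bot: CGI.unescapeHTML on the + line is applied to all of doc.to_s, so it decodes every entity in the serialized document, not only those inside inline JavaScript. Text and attribute values that were escaped on purpose (a literal &lt;b&gt; in page copy, &amp; in a URL) come out as live markup, and any value that was escaped for safety loses that protection. Suggest restricting the decode to the contents of script elements and leaving the rest of doc.to_s untouched. The hunk also shows no require for cgi, so confirm it is already loaded in this file.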
mathieu-mbru commented 2 years ago

Well, thank you for this solution.

HighwayStar commented 1 month ago

Any updates on this pull? Faced this issue, spent hours finding the root of the issue with JS code after applying deface patches on Redmine.
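The difference between decoding entities across the whole serialized document and decoding them only inside script bodies, as an added example that is not part of this thread or of Deface's own code. The sample markup, the regex and both helper names are assumptions made for illustration.

```ruby
require 'cgi/escape' # provides CGI.unescapeHTML (also available via require 'cgi')

# Constructed sample: a serialized view in which inline JavaScript has been
# entity-escaped, next to page text that is escaped on purpose.
SERIALIZED = <<~HTML
  <p>Use &lt;b&gt; for bold &amp; &lt;i&gt; for italic.</p>
  <script>
    if (a &lt; b &amp;&amp; b &gt; 0) { run(); }
  </script>
HTML

# Opening tag, body and closing tag of each script element.
SCRIPT_BLOCK = %r{(<script\b[^>]*>)(.*?)(</script>)}mi

# Whole-document decode, the behaviour of the one-line change proposed above.
def unescape_everything(html)
  CGI.unescapeHTML(html)
end

# Hypothetical alternative: decode entities only inside <script> bodies and
# leave escaped text everywhere else exactly as it was serialized.
def unescape_scripts_only(html)
  html.gsub(SCRIPT_BLOCK) do
    m = Regexp.last_match
    m[1] + CGI.unescapeHTML(m[2]) + m[3]
  end
end

# True when text that was escaped in the input has become live markup.
def escaped_text_became_markup?(before, after)
  before.include?('&lt;b&gt;') && after.include?('<b>')
end

if __FILE__ == $PROGRAM_NAME
  whole  = unescape_everything(SERIALIZED)
  scoped = unescape_scripts_only(SERIALIZED)
  puts "whole document:  text turned into markup? #{escaped_text_became_markup?(SERIALIZED, whole)}"
  puts "script body only: text turned into markup? #{escaped_text_became_markup?(SERIALIZED, scoped)}"
  puts scoped
end
```

A literal entity written inside a script string (for example '&amp;' in a JavaScript string constant) would still be decoded by the scoped version, so the durable fix is to keep the serializer from escaping script content in the first place.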