Here are a few ways to resolve cross-site scripting (XSS) warnings that Brakeman reports for Rails views. The aim is to remove the underlying problem (request data reaching HTML or JavaScript unescaped), not merely to silence the scanner — a warning that disappears while `raw` is still wrapping user input has not been fixed.
- Example case: request data used to build a URL
Problem:
<%# Brakeman flags this because `data[0]` and `@schedule[:id]` are concatenated
    straight into the href and the whole result is emitted through `raw`, so
    nothing encodes them: a value containing `"` or `&` can break out of the
    query string / attribute. Fixed below by letting the route helper build
    (and URL-encode) the query. %>
<%= raw generated_link_to("View Barcode","schedule/show_barcode?id="+data[0].to_s+"&schedule_id="+@schedule[:id].to_s","edit_schedule",{:class => 'btn btn-mini btn-info',:remote=>"true"}) %>
Solution:
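<%# The query values now go through the named route helper, which URL-encodes
    them, so `data[0]` / `@schedule[:id]` can no longer break out of the href.
    (The original snippet was missing the comma after the path call.)
    NOTE(review): `raw` still disables HTML escaping of the helper's return
    value. If generated_link_to wraps link_to, its result is already html_safe
    and `raw` can simply be dropped; if it builds the tag by string
    concatenation, `raw` is the real XSS and this change only silences Brakeman. %>
<%= raw generated_link_to("View Barcode", schedule_show_barcode_path({:id => data[0].to_s, :schedule_id => @schedule[:id].to_s}), "edit_schedule", {:class => 'btn btn-mini btn-info', :remote => "true"}) %>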
*) `schedule_show_barcode_path` is the named route helper defined in config/routes.rb. Passing the values as a hash makes Rails URL-encode each query parameter, which is what actually removes the injection — the helper is not just a way to hide the string from Brakeman.
- Example case: request data passed into inline JavaScript or CSS
Problem:
<%# Brakeman flags this because `params[:row_index]` / `params[:form_type]` are
    placed into an inline `onclick` attribute inside a `raw` call, so they land
    in the page unescaped and can inject script. NOTE(review): as written the
    onclick value `(params[:row_index],params[:form_type])` is a parenthesised
    comma list, which is not valid Ruby; presumably a string such as
    "delete_row_form_extrarow(...)" was intended. The `<i>` tag is also missing
    its closing `>`. %>
<%= raw generated_link_to('<i class="icon-trash"</i>'.html_safe,"#delete_progress","add_schedule",{:class => 'removedbuttonsetting', :onclick => (params[:row_index],params[:form_type])})%>
<script type="text/javascript">
// Removes the table row with id "tr_body_<form_type>_<index>". The id is built
// from the request values above, so they also end up inside a jQuery selector.
function delete_row_form_extrarow(index,form_type){
$("#tr_body_"+form_type+"_"+index).remove();
}
</script>
Solution:
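<%# The request parameters are serialised with to_json and carried in data-*
    attributes instead of being spliced into an inline onclick handler; the
    click handler is bound from JavaScript below. Rails' to_json escapes
    < > & as \uXXXX and `"` as \", but the attribute value itself still needs
    HTML-escaping — that is only guaranteed if generated_link_to builds the tag
    with the Rails tag helpers (tag_options); confirm before relying on it.
    NOTE(review): `raw` still turns off escaping of the whole result. Drop it
    if generated_link_to wraps link_to (already html_safe). If row_index is
    always a number, validating it in the controller
    (Integer(params[:row_index])) is the simplest fix for both this view and
    the script below. %>
<%= raw generated_link_to('<i class="icon-trash"></i>'.html_safe, "#delete_progress", "add_schedule", {:class => 'removedbuttonsetting', 'data-index' => params[:row_index].to_json, 'data-type' => params[:form_type].to_json}) %>
<script type="text/javascript">
// Bind the handler once the DOM is ready; the row coordinates come from the
// data-* attributes written above, not from an inline handler.
// NOTE(review): this only binds to buttons present at DOM ready; if rows are
// inserted later, use delegated binding
// ($(document).on('click', '.removedbuttonsetting', ...)).
$(function () {
  $(".removedbuttonsetting").click(function () {
    var index = $(this).attr('data-index');
    var formType = $(this).attr('data-type');
    delete_row_form_extrarow(index, formType);
  });
});

// Removes the row whose id is "tr_body_<form_type>_<index>".
// `index` and `form_type` are the JSON-encoded attribute values, so they are
// decoded first. getElementById takes the id literally, so a crafted value
// cannot be interpreted as a jQuery selector (e.g. "x, tr" would otherwise
// match and remove unrelated rows); for ordinary ids it matches the same
// element $("#id") would.
function delete_row_form_extrarow(index, form_type) {
  var rowIndex = JSON.parse(index);
  var rowType = JSON.parse(form_type);
  var row = document.getElementById("tr_body_" + rowType + "_" + rowIndex);
  if (row) {
    $(row).remove();
  }
}
</script>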