2

Let's say I have 2 files, create.js.eex and post.html.eex and I want to render the contents of the post.html.eex template inside the create.js.eex template. Something like this:

$("#something").append("<%= safe_to_string render "post.html", post: @post %>");

The example above doesn't work because I need to escape quotes and other things in the string that gets returned and I can't find a way to do it

Improve this question
0

2 Answers 2

Reset to default
6

You can use render_to_string

    Phoenix.View.render_to_string(MyApp.PageView, "index.html", foo: "bar")

Be aware that this can expose you to XSS.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

4

Use escape_javascript:

$("#something").append("<%= escape_javascript render("post.html", post: @post) %>");

You can render_to_string and escape that, but there doesn't seem to be much need -- and since it returns a string, it will HTML-escape all the markup.

Actually, this exact example is in the docs:

https://hexdocs.pm/phoenix_html/Phoenix.HTML.html#escape_javascript/1

Improve this answer

1 Comment

Haha I actually PRed that function

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.