Problem with search spinner after bundle update [hobo 1.3.0 + Rails 3.0.17]


Ronny Hanssen

Aug 27, 2012, 2:43:25 PM
to hobo...@googlegroups.com
I just now upgraded one of my sites to use Rails 3.0.17, and suddenly found that the search stopped working. I have been able to trace this back to the rapid_core.dryml file, lines 170-189, where the hobo-rapid-javascripts tag is defined:

<def tag="hobo-rapid-javascripts">
  <script type="text/javascript" param="default"><%=
     res = 'var hoboParts = {};'
     # FIXME: This should interrogate the model-router - not the models
     unless Hobo::Model.all_models.empty?
       # Tell JS code how to pluralize names, unless they follow the simple rule
       names = Hobo::Model.all_models.map do |m|
                 m = m.name.underscore
                 "#{m}: '#{m.pluralize}'" unless m.pluralize == m + 's'
               end.compact
       res << "var pluralisations = {#{names * ', '}}; "
     end
     base = [base_url, subsite].compact.join("/")
     res << "urlBase = '#{base}'; hoboPagePath = '#{request.fullpath}'"
     if protect_against_forgery?
       res << "; formAuthToken = { name: '#{request_forgery_protection_token}', value: '#{form_authenticity_token}' }"
     end
     res
  %></script>
</def>

The problem is that the single quotes in the code where urlBase and formAuthToken are set end up like this in the output:
<script type="text/javascript">var hoboParts = {};var pluralisations = {}; urlBase = &#x27;&#x27;; hoboPagePath = &#x27;/&#x27;; formAuthToken = { name: &#x27;authenticity_token&#x27;, value: &#x27;1ySDOslOqF4X+kJabKIuqq7K9Vn/C1wqU3dYkOlbA24=&#x27; }</script>

How can I prevent this from happening? Or should I roll back to 3.0.16 (or 15 or ...)?


Regards,
Ronny

Ronny Hanssen

Aug 27, 2012, 2:47:00 PM
to hobo...@googlegroups.com
I guess this has to be marked as html safe, but where is the best place to do it? And - it probably should go into the hobo-repo? And for all I know it might already be in?

I am btw using:
 
gem 'rails', '~> 3.0.4'
gem 'hobo', '~> 1.3.0'

... in my Gemfile

Ronny Hanssen

Aug 29, 2012, 7:40:26 AM
to hobo...@googlegroups.com
According to the "Rails 3.0.17 has been released!" article and the GitHub changes from 3.0.16 - 3.0.17, it seems that this change may be the most likely culprit: "html_escape should escape single quotes".

Could it be that there are more hidden problems that may pop up in Hobo because of this?
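
The breakage described in this thread, as an added example that is not part of the original posts and is not Hobo's or Rails' code: HTML-escaping hand-quoted JavaScript yields entities that a browser does not decode inside a script element, while encoding each value as a JavaScript literal removes the need for the quotes to survive escaping. The `html_escape` here is a stand-in written for this example, and `interpolated_js`, `js_literal` and `encoded_js` are hypothetical helper names.

```ruby
require 'json'

# Stand-in for the escaping visible in the thread's output (' becomes &#x27;).
# Written for this example; it is not Rails' implementation.
HTML_ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                 '"' => '&quot;', "'" => '&#x27;' }.freeze

def html_escape(text)
  text.gsub(/[&<>"']/) { |ch| HTML_ESCAPES[ch] }
end

# The tag's pattern: hand-quoted JavaScript assembled by interpolation.
def interpolated_js(base, path)
  "urlBase = '#{base}'; hoboPagePath = '#{path}'"
end

# Characters that must not appear raw inside a <script> element, mapped to
# JavaScript \u escapes (single-quoted Ruby strings keep the backslash).
JS_UNSAFE = { '<' => '\u003c', '>' => '\u003e', '&' => '\u0026',
              "\u2028" => '\u2028', "\u2029" => '\u2029' }.freeze

# Encode one Ruby value as a JavaScript literal that is safe in inline script.
def js_literal(value)
  JSON.generate(value).gsub(/[<>&\u2028\u2029]/) { |ch| JS_UNSAFE[ch] }
end

# Same assignments as interpolated_js, with every value encoded individually.
def encoded_js(base, path)
  "urlBase = #{js_literal(base)}; hoboPagePath = #{js_literal(path)}"
end

if __FILE__ == $PROGRAM_NAME
  path = "/search?q=it's</script>" # constructed sample request path
  puts html_escape(interpolated_js('', path)) # entities the browser leaves undecoded
  puts encoded_js('', path)                   # valid JS, no raw quote or </script>
end
```

In a Rails view the string returned by `encoded_js` would still have to be marked `html_safe` to bypass automatic escaping, which is reasonable only because each request-derived value was encoded first.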

Bryan Larsen

Aug 29, 2012, 8:49:42 AM
to hobo...@googlegroups.com
On Wed, Aug 29, 2012 at 7:40 AM, Ronny Hanssen <super...@gmail.com> wrote:
> According to the Rails 3.0.17 has been released! article and the github
> changes from 3.0.16 - 3.0.17 it seems that this change may be the most
> likely culprit: html_escape should escape single quotes.
>
> Could it be that there are more hidden problems that may pop up in Hobo
> because of this?

Yes, it's quite possible. I'll rerun the full test suite against 3.0
when I get back home in a week.

Rails quite commonly breaks things on a point release due to security
fixes. 2.3.6 was a particularly nasty example.

Bryan

Ronny Hanssen

Aug 29, 2012, 9:04:01 AM
to hobo...@googlegroups.com
Great Bryan,

In the meantime I am fixing the Rails version to 3.0.16 in my Gemfile :)