score:2

Accepted answer

you're inlining data that's being treated as html "unsafe", so you have to declare it as safe in your template.

<%= @foo_bar.to_json.html_safe %>

note that when you declare something as "safe" that means you're confident you're not exposing yourself to xss attacks because you're using some other escape method. in your case make sure you're emitting properly escaped javascript or json.


Related Query

More Query from same tag