Prevent Rails from encoding the ampersands in a URL when outputting JSON

Question

I have the following code:

render json: { image: image }

Image has an attribute "url". Let's say it's:

https://blah.com/a?A=B&C=D

When rendering, this is what I get:

{"image":{"url":"https://blah.com/a?A=B\u0026C=D"}}

The ampersand is getting encoded as \u0026

Is there any way to avoid this encoding?

See my answer to this similar question here: http://stackoverflow.com/a/35020478/594763 — patrick, Jan 26 '16 at 18:11

score 41 · Accepted Answer · answered Dec 13 '14 at 15:35

41

Add to your application.rb file:

config.active_support.escape_html_entities_in_json = false

answered Dec 13 '14 at 15:35

olhor

3

And don't forget to restart server after :-) ..nice answer! – Giovanni Benussi Oct 19 '16 at 11:04
3

This opens up your application to XSS vulnerabilities if you render data somewhere from that JSON https://brakemanscanner.org/docs/warning_types/cross_site_scripting_to_json/ – Alan H Nov 20 '19 at 10:51

score -1 · Answer 2 · edited May 23 '17 at 12:32

-1

your answer described there:

and also this would help you:

edited May 23 '17 at 12:32

Community

answered Dec 11 '14 at 23:20

01e

3

All these explain why it happens, but not how to solve the problem. The URLs i have are to external resources, not internal to my app, so I can't solve this problem by using the routing helpers to generate URLs. And monkeypatching sounds like a very, very bad idea. – Daniel Magliola Dec 12 '14 at 09:02
Can you paste part of your code? Or explain your problem more? where you use these codes? ... – 01e Dec 12 '14 at 11:09

2 Answers2