CGI.unescape and CGI.unescapeHTML don't do anything

Question

I have a string that I receive as a response to a get request

{&quot;revision&quot;=&gt;&quot;r2407&quot;, &quot;full_version&quot;=&gt;&quot;2.5 [r2407]&quot;, &quot;full_name&quot;=&gt;&quot; [r2407]&quot;, &quot;version&quot;=&gt;&quot;2.5&quot;}

In a js file:

$('.output').text('<%=CGI.unescape(@response.to_s)%>')

I still get the same string with &quot's and stuff. I also tried JS unescape() and it didn't do anything too. What's wrong?

That might be a stupid question, but does your file have an .erb extension? — BroiSatse, Nov 29 '13 at 15:13

score 0 · Answer 1 · answered Nov 29 '13 at 15:11

CGI.escape and CGI.unescape is to handle URL-encoded string.

CGI.escape('&')
# => "%26"
CGI.unescape('%26')
# => "&"

Use CGI::unescape_html instead:

CGI.unescape_html('&gt;')
# => ">"

body = '{&quot;revision&quot;=&gt;&quot;r2407&quot;, &quot;full_version&quot;=&gt;&quot;2.5 [r2407]&quot;, &quot;full_name&quot;=&gt;&quot; [r2407]&quot;, &quot;version&quot;=&gt;&quot;2.5&quot;}'
CGI.unescape_html(body)
# => {"revision"=>"r2407", "full_version"=>"2.5 [r2407]", "full_name"=>" [r2407]", "version"=>"2.5"}

Tried it. Still no effect. There is actually that line in the controller: `response.body = CGI.unescape_html(response.body)` — Euphe, Nov 29 '13 at 15:12

score 0 · Answer 2 · edited Nov 29 '13 at 18:50

0

I think you first need to unescape the HTML from response using CGI.unescape_html, then escape it for JavaScript with j:

$('.output').text('<%=j CGI.unescape_html(@response.to_s)%>')

edited Nov 29 '13 at 18:50

the Tin Man

158,662
42
215
303

answered Nov 29 '13 at 15:20

Baldrick

23,882
6
74
79

CGI.unescape and CGI.unescapeHTML don't do anything

2 Answers2