Home/ Questions/Q 3626924
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T23:49:25+00:00

I have been looking at this Railscast , specifically these lines of code. //

  • 0

I have been looking at this Railscast, specifically these lines of code.

// views/reviews/create.js.erb
$("#new_review").before('<div id="flash_notice"><%= escape_javascript(flash.delete(:notice)) %></div>');
$("#reviews_count").html("<%= pluralize(@review.product.reviews.count, 'Review') %>");
$("#reviews").append("<%= escape_javascript(render(:partial => @review)) %>");
$("#new_review")[0].reset();

Could someone explain why escape_javascript has been used for rendering a partial, and displaying a flash notice, but not for the pluralize function?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There are only a couple of possible outputs from pluralize(@review.product.reviews.count, ‘Review’)

    0 Reviews
1 Review
n Reviews

    No output of that would ever need to be escaped, so the writer chose not to do so.

    Escaping javascript will change <div id="yo">You're Awesome</div> into text that won’t cause the javascript interpreter to think the quotes end your string variable.

    If you were to type in 

    var awesome = "<div id="yo">You're Awesome</div>";

    It would blow up. The quotes need to be “escaped” into

    &lt;div id=\&quot;yo\&quot;&gt;You\'re Awesome&lt;\/div&gt;
    • 0