79142628

Date: 2024-10-30 20:07:19
Score: 0.5

Use alert(<%= JSON.generate(ERB::Util::html_escape(@notice)) %>), which will work for all text, including with line breaks, prevent XSS, etc.

https://code.dblock.org/2024/10/30/safely-passing-ruby-variables-to-javascript-in-erb.html

Reasons:
  • Probably link only (1):
  • Low length (1):
  • Has code block (-0.5):
  • High reputation (-1):
Posted by: dB.