Hey guys. I’m trying to get the proper array as a response in one of my eex files. So what I want as a response is this: ["User 1", "User 2"] but what I get is ["User 1","User 2"] . Here is the code that I’m using to produce this output in my EEx file:
Poison.encode!(Enum.map(@project_ext, fn x -> (x["name"]) end))
Ok, then in general the fact that HTML is escaped (" is turned into ") is good, because otherwise your application would be vulnerable to XSS attacks.
If the JSON you are embedding in your page does not contain any user input and is fully under your control, you can use <%= raw ... %> to skip the HTML escaping. Let me reiterate one more time the point that this can introduce an attack vector if any of this JSON data can be manipulated by untrusted parties.
Also beware of script injection attacks. if this value comes from an user input you need to check by yourself if the user is injecting a malicious code.