How to use normal characters instead of entities from `Poison.encode!/2`?

Hey guys. I’m trying to get the proper array as a response in one of my eex files. So what I want as a response is this: `["User 1", "User 2"]` but what I get is `[&quot;User 1&quot;,&quot;User 2&quot;]`. Here is the code that I’m using to produce this output in my EEx file:

```elixir
Poison.encode!(Enum.map(@project_ext, fn x -> (x["name"]) end))
```

Can someone help?

`Poison.encode!/1` does not do an HTML escape of the string.

You probably do something else that does so.

I have it in an EEx file. So the code above is inside a `<%= %>` block. Maybe that is leading to doing something like that. But how do I avoid it?

`phoenix_html` probably does the magic here.

And to be honest, it sounds correct to do so.

If you want to submit JSON do so in an appropriate view, usually without a template.

1 Like

hi @BrainBuzzer,
to clarify, is your goal to output JSON as the response, or do you want to include this JSON array somewhere as part of an HTML page?

Yes, I am trying to include the JSON array as a part of an HTML page.

Ok, then in general the fact that HTML is escaped (`"` is turned into `&quot;`) is good, because otherwise your application would be vulnerable to XSS attacks.

If the JSON you are embedding in your page does not contain any user input and is fully under your control, you can use `<%= raw ... %>` to skip the HTML escaping. Let me reiterate one more time the point that this can introduce an attack vector if any of this JSON data can be manipulated by untrusted parties.

See more info here: https://hexdocs.pm/phoenix_html/Phoenix.HTML.html

2 Likes

Also beware of script injection attacks. If this value comes from user input, you need to check for yourself whether the user is injecting malicious code.

2 Likes
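The difference between the default `<%= %>` escaping and `raw` discussed in this thread, as an added example that is not part of the original posts. The module name `EmbedDemo`, its function names and the sample names are hypothetical, and it assumes `:phoenix_html` and `:poison` are already dependencies of the project (for instance, pasted into `iex -S mix`).

```elixir
# Added example, not code from the thread. Assumes :phoenix_html and :poison
# are already available in the project.
defmodule EmbedDemo do
  # What `<%= Poison.encode!(names) %>` puts on the page: the JSON is a plain
  # string, so phoenix_html escapes it.
  def escaped(names) do
    names
    |> Poison.encode!()
    |> Phoenix.HTML.html_escape()
    |> Phoenix.HTML.safe_to_string()
  end

  # What `<%= raw Poison.encode!(names) %>` puts on the page: the string is
  # marked safe and emitted unchanged.
  def unescaped(names) do
    names
    |> Poison.encode!()
    |> Phoenix.HTML.raw()
    |> Phoenix.HTML.safe_to_string()
  end

  # Simplified stand-in for the entity decoding a browser applies when it
  # reads an attribute value. "&amp;" is decoded last so that escaped text
  # such as "&amp;lt;" is not decoded twice.
  def browser_decode(html) do
    [{"&quot;", "\""}, {"&#39;", "'"}, {"&lt;", "<"}, {"&gt;", ">"}, {"&amp;", "&"}]
    |> Enum.reduce(html, fn {entity, char}, acc -> String.replace(acc, entity, char) end)
  end
end

# Constructed sample data: the second name stands in for untrusted input
# that contains markup.
names = ["User 1", "User <b>2</b>"]

# Default escaping: quotes and angle brackets are emitted as entities.
IO.puts(EmbedDemo.escaped(names))

# raw: the markup inside the name reaches the page as markup.
IO.puts(EmbedDemo.unescaped(names))

# The escaped form still carries the same data once the entities are decoded.
decoded = names |> EmbedDemo.escaped() |> EmbedDemo.browser_decode() |> Poison.decode!()
IO.inspect(decoded == names)
```

The last check shows that the escaped output loses no data: after entity decoding it parses back to the original list, so the default escaping can stay on when the JSON is placed in an attribute value and parsed on the client.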