
Warn about unescaped output in attributes #87

@marcoroth

Description

For a template like:

<div data-config="<%== @config.to_json %>"></div>

This will render as the following in Erubi via ActionView:

<div data-config="{"key":"value"}"></div>

which is not valid HTML and breaks the rendered markup.

Prior to ReActionView 0.3.0, Herb in ReActionView rendered the above template as:

<div data-config="{&quot;key&quot;:&quot;value&quot;}"></div>

With ReActionView 0.3.0 it will now produce invalid markup to match Erubi and to fix marcoroth/herb#1419, but I think we can do better and improve this behavior.

I think we should warn about this, or even disallow it. We could also make it a runtime exception in development by checking the value for characters that need to be escaped in that context.
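As an added illustration (not code from this issue, from ReActionView or from Herb), the following Ruby sketch shows the two renderings described above side by side and a hypothetical development-mode check of the kind suggested: it scans the raw value for characters that cannot appear unescaped inside a double-quoted attribute and raises before the broken markup is produced. The helper names, the `UnescapedAttributeError` class and the restriction to double-quoted attributes are assumptions made for the example; the escaping itself uses Ruby's standard `CGI.escapeHTML`.

```ruby
require "cgi"
require "json"

# Characters that must not appear raw inside a double-quoted HTML attribute value.
# (Assumption: the template uses double quotes, as in the issue's example.)
ATTRIBUTE_UNSAFE = /["&<>]/

# Renders the attribute the way an unescaped `<%==` does: the value is dropped in raw.
def render_unescaped(value)
  %(<div data-config="#{value}"></div>)
end

# Renders the attribute with HTML escaping applied, which yields the
# `&quot;`-encoded form shown in the issue for ReActionView < 0.3.0.
def render_escaped(value)
  %(<div data-config="#{CGI.escapeHTML(value)}"></div>)
end

# Returns the distinct offending characters, in order of first appearance, that would
# break a double-quoted attribute context; an empty array means the value is safe.
def unsafe_attribute_chars(value)
  value.scan(ATTRIBUTE_UNSAFE).uniq
end

# Hypothetical development-mode guard: raise instead of emitting corrupted markup.
class UnescapedAttributeError < StandardError; end

def assert_attribute_safe!(value)
  bad = unsafe_attribute_chars(value)
  return value if bad.empty?

  raise UnescapedAttributeError,
        "unescaped output contains #{bad.map(&:inspect).join(', ')} in an attribute context"
end

if __FILE__ == $PROGRAM_NAME
  config = { "key" => "value" }.to_json # constructed sample, same shape as the issue's @config

  puts render_unescaped(config)  # <div data-config="{"key":"value"}"></div>
  puts render_escaped(config)    # <div data-config="{&quot;key&quot;:&quot;value&quot;}"></div>

  begin
    assert_attribute_safe!(config)
  rescue UnescapedAttributeError => e
    puts "development check: #{e.message}"
  end
end
```

The check is deliberately narrow: it only detects raw characters that corrupt the attribute, so it flags the JSON case above while still letting through values that are genuinely safe to emit unescaped.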
