Sign in through GitHub

Please read for an updated status on RailsCasts:

Learn more or hide this

Richard Cook's Profile

GitHub User: rcook

Comments by Richard Cook

Avatar

I think the proper way to prepare the fields HTML is as follows:

ruby
link_to(name, '#', class: "add_fields", data: {id: id, fields: escape_html_attribute(fields)})

and then define escape_html_attribute as follows:

ruby
def escape_html_attribute(str)
  Rack::Utils.escape_html(str).gsub("\n", '
').html_safe
end

This prevents the & in 
 from being escaped.