Module: ERB::Util
- Included in:
- ActionView::Base
- Defined in:
- activesupport/lib/active_support/core_ext/string/output_safety.rb
Constant Summary collapse
- HTML_ESCAPE =
{ '&' => '&', '>' => '>', '<' => '<', '"' => '"', "'" => ''' }
- JSON_ESCAPE =
{ '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' }
- HTML_ESCAPE_ONCE_REGEXP =
/["><']|&(?!([a-zA-Z]+|(#\d+));)/
- JSON_ESCAPE_REGEXP =
/[&"><]/
Class Method Summary collapse
-
.h ⇒ Object
A utility method for escaping HTML tag characters.
-
.html_escape(s) ⇒ Object
A utility method for escaping HTML tag characters.
-
.html_escape_once(s) ⇒ Object
A utility method for escaping HTML without affecting existing escaped entities.
-
.json_escape(s) ⇒ Object
A utility method for escaping HTML entities in JSON strings using uXXXX JavaScript escape sequences for string literals:.
Class Method Details
.h ⇒ Object
A utility method for escaping HTML tag characters. This method is also aliased as h
.
In your ERB templates, use this method to escape any unsafe content. For example:
<%=h @person.name %>
puts html_escape('is a > 0 & a < 10?')
# => is a > 0 & a < 10?
30 31 32 33 34 35 36 37 |
# File 'activesupport/lib/active_support/core_ext/string/output_safety.rb', line 30 def html_escape(s) s = s.to_s if s.html_safe? s else s.gsub(/[&"'><]/, HTML_ESCAPE).html_safe end end |
.html_escape(s) ⇒ Object
A utility method for escaping HTML tag characters. This method is also aliased as h
.
In your ERB templates, use this method to escape any unsafe content. For example:
<%=h @person.name %>
puts html_escape('is a > 0 & a < 10?')
# => is a > 0 & a < 10?
19 20 21 22 23 24 25 26 |
# File 'activesupport/lib/active_support/core_ext/string/output_safety.rb', line 19 def html_escape(s) s = s.to_s if s.html_safe? s else s.gsub(/[&"'><]/, HTML_ESCAPE).html_safe end end |
.html_escape_once(s) ⇒ Object
A utility method for escaping HTML without affecting existing escaped entities.
html_escape_once('1 < 2 & 3')
# => "1 < 2 & 3"
html_escape_once('<< Accept & Checkout')
# => "<< Accept & Checkout"
44 45 46 47 |
# File 'activesupport/lib/active_support/core_ext/string/output_safety.rb', line 44 def html_escape_once(s) result = s.to_s.gsub(HTML_ESCAPE_ONCE_REGEXP, HTML_ESCAPE) s.html_safe? ? result.html_safe : result end |
.json_escape(s) ⇒ Object
A utility method for escaping HTML entities in JSON strings using uXXXX JavaScript escape sequences for string literals:
json_escape('is a > 0 & a < 10?')
# => is a \u003E 0 \u0026 a \u003C 10?
Note that after this operation is performed the output is not valid JSON. In particular double quotes are removed:
json_escape('{"name":"john","created_at":"2010-04-28T01:39:31Z","id":1}')
# => {name:john,created_at:2010-04-28T01:39:31Z,id:1}
62 63 64 65 |
# File 'activesupport/lib/active_support/core_ext/string/output_safety.rb', line 62 def json_escape(s) result = s.to_s.gsub(JSON_ESCAPE_REGEXP, JSON_ESCAPE) s.html_safe? ? result.html_safe : result end |