Module: ActionView::Helpers::OutputSafetyHelper
- Included in:
- ActionView::Helpers, TagHelper, TextHelper
- Defined in:
- lib/action_view/helpers/output_safety_helper.rb
Overview
:nodoc:
Instance Method Summary collapse
-
#raw(stringish) ⇒ Object
This method outputs without escaping a string.
-
#safe_join(array, sep = $,) ⇒ Object
This method returns an HTML safe string similar to what
Array#join
would return.
Instance Method Details
#raw(stringish) ⇒ Object
This method outputs without escaping a string. Since escaping tags is now default, this can be used when you don’t want Rails to automatically escape tags. This is not recommended if the data is coming from the user’s input.
For example:
raw @user.name
# => 'Jimmy <alert>Tables</alert>'
16 17 18 |
# File 'lib/action_view/helpers/output_safety_helper.rb', line 16 def raw(stringish) stringish.to_s.html_safe end |
#safe_join(array, sep = $,) ⇒ Object
This method returns an HTML safe string similar to what Array#join
would return. The array is flattened, and all items, including the supplied separator, are HTML escaped unless they are HTML safe, and the returned string is marked as HTML safe.
safe_join(["<p>foo</p>".html_safe, "<p>bar</p>"], "<br />")
# => "<p>foo</p><br /><p>bar</p>"
safe_join(["<p>foo</p>".html_safe, "<p>bar</p>".html_safe], "<br />".html_safe)
# => "<p>foo</p><br /><p>bar</p>"
31 32 33 34 35 |
# File 'lib/action_view/helpers/output_safety_helper.rb', line 31 def safe_join(array, sep=$,) sep = ERB::Util.unwrapped_html_escape(sep) array.flatten.map! { |i| ERB::Util.unwrapped_html_escape(i) }.join(sep).html_safe end |