Module: ActionView::Helpers::JavaScriptHelper

Included in:
ActionView::Helpers
Defined in:
lib/action_view/helpers/javascript_helper.rb

Constant Summary collapse

JS_ESCAPE_MAP =
{
  '\\'    => '\\\\',
  "</"    => '<\/',
  "\r\n"  => '\n',
  "\n"    => '\n',
  "\r"    => '\n',
  '"'     => '\\"',
  "'"     => "\\'",
  "`"     => "\\`",
  "$"     => "\\$"
}

Instance Method Summary collapse

Instance Method Details

#escape_javascript(javascript) ⇒ Object Also known as: j

Escapes carriage returns and single and double quotes for JavaScript segments.

Also available through the alias j(). This is particularly helpful in JavaScript responses, like:

$('some_element').replaceWith('<%= j render 'some/element_template' %>');


29
30
31
32
33
34
35
36
# File 'lib/action_view/helpers/javascript_helper.rb', line 29

def escape_javascript(javascript)
  if javascript
    result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u) { |match| JS_ESCAPE_MAP[match] }
    javascript.html_safe? ? result.html_safe : result
  else
    ""
  end
end

#javascript_cdata_section(content) ⇒ Object

:nodoc:



91
92
93
# File 'lib/action_view/helpers/javascript_helper.rb', line 91

def javascript_cdata_section(content) #:nodoc:
  "\n//#{cdata_section("\n#{content}\n//")}\n".html_safe
end

#javascript_tag(content_or_options_with_block = nil, html_options = {}, &block) ⇒ Object

Returns a JavaScript tag with the content inside. Example:

javascript_tag "alert('All is good')"

Returns:

<script>
//<![CDATA[
alert('All is good')
//]]>
</script>

html_options may be a hash of attributes for the <script> tag.

javascript_tag "alert('All is good')", defer: 'defer'

Returns:

<script defer="defer">
//<![CDATA[
alert('All is good')
//]]>
</script>

Instead of passing the content as an argument, you can also use a block in which case, you pass your html_options as the first parameter.

<%= javascript_tag defer: 'defer' do -%>
  alert('All is good')
<% end -%>

If you have a content security policy enabled then you can add an automatic nonce value by passing nonce: true as part of html_options. Example:

<%= javascript_tag nonce: true do -%>
  alert('All is good')
<% end -%>


75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# File 'lib/action_view/helpers/javascript_helper.rb', line 75

def javascript_tag(content_or_options_with_block = nil, html_options = {}, &block)
  content =
    if block_given?
      html_options = content_or_options_with_block if content_or_options_with_block.is_a?(Hash)
      capture(&block)
    else
      content_or_options_with_block
    end

  if html_options[:nonce] == true
    html_options[:nonce] = content_security_policy_nonce
  end

  ("script".freeze, javascript_cdata_section(content), html_options)
end