Class: CGI

Inherits:

Object

Object
CGI

show all

Defined in:: lib/standard/facets/cgi/esc.rb,
lib/standard/facets/cgi/marshal.rb,
lib/standard/facets/cgi/escape_html.rb

Class Method Summary collapse

.escape_html(string, *modes) ⇒ Object (also: escapeHTML)

Extends ‘#escape_html` to support escape modes.

Instance Method Summary collapse

#esc(string, *modes) ⇒ Object

Instance level method for escape_html.
#marshal_from_cgi(name) ⇒ Object

Create an hidden input field through which an object can can be marshalled.
#marshal_to_cgi(name, iobj) ⇒ Object

Create an hidden input field through which an object can can be marshalled.

Class Method Details

.escape_html(string, *modes) ⇒ `Object` Also known as: escapeHTML

Extends ‘#escape_html` to support escape modes. By default all strings are escaped on `&`, `>` and `<`. Add the `:nonstandard` mode to omit this conversion.

If no mode is given then the ‘:default` mode is used.

Available modes include:

‘:quote` - escapes single and double quotes
‘:newlines` - escapes newline characters (r and n)
‘:ampersand` - escapes the ampersand sign
‘:brackets` - escapes less-than and greater-than signs
‘:default` - escapes double quotes

Examples:

escape_html("<tag>")  #=> "&lt;tag&gt;"
escape_html("Example\nString", :newlines)  #=> "Example&#13;&#10;String"
escape_html("\"QUOTE\"", false)  #=> "\"QUOTE\""

# File 'lib/standard/facets/cgi/escape_html.rb', line 23

def self.escape_html(string, *modes)
  modes << :defualt if modes.empty?

  unless modes.include?(:nonstandard)
    string = string.gsub(/&/, '&amp;').gsub(/>/, '&gt;').gsub(/</, '&lt;')
  end

  modes.each do |mode|
    string = \
      case mode
      when :quote, :quotes
        string.gsub(%r|"|,'&quot;').gsub(%r|'|,'&#39;')
      when :newlines, :newlines
        string.gsub(/[\r\n]+/,'&#13;&#10;')
      when :ampersand
        string.gsub(/&/, '&amp;')
      when :bracket, :brackets
        string.gsub(/>/, '&gt;').gsub(/</, '&lt;')
      when :default, true
        string.gsub(/\"/, '&quot;')
      when false
      else
        raise ArgumentError, "unrecognized HTML escape mode -- #{node}"
      end
  end
end

Instance Method Details

#esc(string, *modes) ⇒ `Object`

Instance level method for escape_html.



7
8
9

# File 'lib/standard/facets/cgi/esc.rb', line 7

def esc(string, *modes)
  self.class.escape_html(string, *modes)
end

#marshal_from_cgi(name) ⇒ `Object`

Create an hidden input field through which an object can can be marshalled. This makes it very easy to pass form data between requests.

# File 'lib/standard/facets/cgi/marshal.rb', line 14

def marshal_from_cgi(name)
  if self.params.has_key?("__#{name}__")
    return Marshal.load(CGI.unescape(self["__#{name}__"][0]))
  end
end

#marshal_to_cgi(name, iobj) ⇒ `Object`

Create an hidden input field through which an object can can be marshalled. This makes it very easy to pass form data betwenn requests.

# File 'lib/standard/facets/cgi/marshal.rb', line 7

def marshal_to_cgi(name, iobj)
  data = CGI.escape(Marshal.dump(iobj))
  return %Q{<input type="hidden" name="__#{name}__" value="#{data}"/>\n}
end