ERB::Util (original) (raw)
Methods
H
J
Constants
| HTML_ESCAPE | = | { '&' => '&', '>' => '>', '<' => '<', '"' => '"' } |
|---|---|---|
| JSON_ESCAPE | = | { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' } |
Class Public methods
html_escape(s)
A utility method for escaping HTML tag characters. This method is also aliased as h.
In your ERB templates, use this method to escape any unsafe content. For example:
<%=h @person.name %>
Example:
puts html_escape("is a > 0 & a < 10?")
Also aliased as: h
Source: show
def html_escape(s) s = s.to_s if s.html_safe? s else s.gsub(/&/, "&").gsub(/"/, """).gsub(/>/, ">").gsub(/</, "<").html_safe end end
json_escape(s)
A utility method for escaping HTML entities in JSON strings using uXXXX JavaScript escape sequences for string literals:
json_escape("is a > 0 & a < 10?")
Note that after this operation is performed the output is not valid JSON. In particular double quotes are removed:
json_escape('{"name":"john","created_at":"2010-04-28T01:39:31Z","id":1}')
This method is also aliased as j, and available as a helper inRails templates:
<%=j @person.to_json %>
Also aliased as: j
Source: show
def json_escape(s) result = s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] } s.html_safe? ? result.html_safe : result end