Module: ERB::Util
- Defined in:
- activesupport/lib/active_support/core_ext/string/output_safety.rb
Constant Summary
- HTML_ESCAPE =
{ '&' => '&', '>' => '>', '<' => '<', '"' => '"' }
- JSON_ESCAPE =
{ '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' }
Instance Method Summary (collapse)
-
- (Object) html_escape(s)
(also: #h)
A utility method for escaping HTML tag characters.
-
- (Object) json_escape(s)
(also: #j)
A utility method for escaping HTML entities in JSON strings.
Instance Method Details
- (Object) html_escape(s) Also known as: h
A utility method for escaping HTML tag characters. This method is also aliased as h.
In your ERb templates, use this method to escape any unsafe content. For example:
<%=h @person.name %>Example:
puts html_escape("is a > 0 & a < 10?")
# => is a > 0 & a < 10?
18 19 20 21 22 23 24 25 |
# File 'activesupport/lib/active_support/core_ext/string/output_safety.rb', line 18 def html_escape(s) s = s.to_s if s.html_safe? s else s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }.html_safe end end |
- (Object) json_escape(s) Also known as: j
A utility method for escaping HTML entities in JSON strings. This method is also aliased as j.
In your ERb templates, use this method to escape any HTML entities:
<%=j @person.to_json %>Example:
puts json_escape("is a > 0 & a < 10?")
# => is a \u003E 0 \u0026 a \u003C 10?
44 45 46 |
# File 'activesupport/lib/active_support/core_ext/string/output_safety.rb', line 44 def json_escape(s) s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] } end |
