Class: CGI

Inherits:
Object show all
Defined in:
lib/standard/facets/cgi/esc.rb,
lib/standard/facets/cgi/marshal.rb,
lib/standard/facets/cgi/escape_html.rb

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.escape_html(string, *modes) ⇒ Object Also known as: escapeHTML

Extends `#escape_html` to support escape modes. By default all strings are escaped on `&`, `>` and `<`. Add the `:nonstandard` mode to omit this conversion.

If no mode is given then the `:default` mode is used.

Available modes include:

  • `:quote` - escapes single and double quotes

  • `:newlines` - escapes newline characters (r and n)

  • `:ampersand` - escapes the ampersand sign

  • `:brackets` - escapes less-than and greater-than signs

  • `:default` - escapes double quotes

Examples:

escape_html("<tag>")  #=> "&lt;tag&gt;"
escape_html("Example\nString", :newlines)  #=> "Example&#13;&#10;String"
escape_html("\"QUOTE\"", false)  #=> "\"QUOTE\""

23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# File 'lib/standard/facets/cgi/escape_html.rb', line 23

def self.escape_html(string, *modes)
  modes << :defualt if modes.empty?

  unless modes.include?(:nonstandard)
    string = string.gsub(/&/, '&amp;').gsub(/>/, '&gt;').gsub(/</, '&lt;')
  end

  modes.each do |mode|
    string = \
      case mode
      when :quote, :quotes
        string.gsub(%r|"|,'&quot;').gsub(%r|'|,'&#39;')
      when :newlines, :newlines
        string.gsub(/[\r\n]+/,'&#13;&#10;')
      when :ampersand
        string.gsub(/&/, '&amp;')
      when :bracket, :brackets
        string.gsub(/>/, '&gt;').gsub(/</, '&lt;')
      when :default, true
        string.gsub(/\"/, '&quot;')
      when false
      else
        raise ArgumentError, "unrecognized HTML escape mode -- #{node}"
      end
  end
end

Instance Method Details

#esc(string, *modes) ⇒ Object

Instance level method for escape_html.


7
8
9
# File 'lib/standard/facets/cgi/esc.rb', line 7

def esc(string, *modes)
  self.class.escape_html(string, *modes)
end

#marshal_from_cgi(name) ⇒ Object

Create an hidden input field through which an object can can be marshalled. This makes it very easy to pass form data between requests.


14
15
16
17
18
# File 'lib/standard/facets/cgi/marshal.rb', line 14

def marshal_from_cgi(name)
  if self.params.has_key?("__#{name}__")
    return Marshal.load(CGI.unescape(self["__#{name}__"][0]))
  end
end

#marshal_to_cgi(name, iobj) ⇒ Object

Create an hidden input field through which an object can can be marshalled. This makes it very easy to pass form data betwenn requests.


7
8
9
10
# File 'lib/standard/facets/cgi/marshal.rb', line 7

def marshal_to_cgi(name, iobj)
  data = CGI.escape(Marshal.dump(iobj))
  return %Q{<input type="hidden" name="__#{name}__" value="#{data}"/>\n}
end