vendor/rails/actionpack/lib/action_view/erb/util.rb

   1 require 'erb'
   2
   3 class ERB
   4   module Util
   5     HTML_ESCAPE = { '&' => '&amp;',  '>' => '&gt;',   '<' => '&lt;', '"' => '&quot;' }
   6     JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' }
   7
   8     # A utility method for escaping HTML tag characters.
   9     # This method is also aliased as <tt>h</tt>.
  10     #
  11     # In your ERb templates, use this method to escape any unsafe content. For example:
  12     #   <%=h @person.name %>
  13     #
  14     # ==== Example:
  15     #   puts html_escape("is a > 0 & a < 10?")
  16     #   # => is a &gt; 0 &amp; a &lt; 10?
  17     def html_escape(s)
  18       s.to_s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }
  19     end
  20
  21     # A utility method for escaping HTML entities in JSON strings.
  22     # This method is also aliased as <tt>j</tt>.
  23     #
  24     # In your ERb templates, use this method to escape any HTML entities:
  25     #   <%=j @person.to_json %>
  26     #
  27     # ==== Example:
  28     #   puts json_escape("is a > 0 & a < 10?")
  29     #   # => is a \u003E 0 \u0026 a \u003C 10?
  30     def json_escape(s)
  31       s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
  32     end
  33
  34     alias j json_escape
  35     module_function :j
  36     module_function :json_escape
  37   end
  38 end