Module: EscapeUtils

Extended by:

EscapeUtils

Included in:

EscapeUtils

Defined in:

lib/escape_utils.rb,
lib/escape_utils/version.rb,
lib/escape_utils/html/cgi.rb,
lib/escape_utils/html_safety.rb,
ext/escape_utils/escape_utils.c

Defined Under Namespace

Modules: CGIHtmlSafety, HtmlSafety

Constant Summary

VERSION =

"1.3.0"

Instance Attribute Summary

• #html_safe_string_class ⇒ Object

  Default String class to return from HTML escaping.

Class Method Summary

• .escape_html(html, secure = false) ⇒ Object
• .escape_html_as_html_safe(html) ⇒ Object
• .escape_html_once_as_html_safe(html) ⇒ Object
• .escape_url(string) ⇒ Object
• .unescape_html(html) ⇒ Object
• .unescape_url(string) ⇒ Object

Instance Method Summary

• #escape_html_once(str) ⇒ Object

  HTML methods.

• #escape_javascript(str) ⇒ Object

  JavaScript methods.

• #escape_uri(str) ⇒ Object

  URI methods.

• #escape_uri_component(str) ⇒ Object

  URI component methods.

• #escape_xml(str) ⇒ Object

  XML methods.

• #html_secure ⇒ Object
• #html_secure=(val) ⇒ Object
• #unescape_javascript(str) ⇒ Object
• #unescape_uri(str) ⇒ Object
• #unescape_uri_component(str) ⇒ Object

Instance Attribute Details

#html_safe_string_class ⇒ Object

Default String class to return from HTML escaping

# File 'lib/escape_utils.rb', line 18

def html_safe_string_class
  @html_safe_string_class
end

Class Method Details

.escape_html(html, secure = false) ⇒ Object

# File 'lib/escape_utils.rb', line 42

def self.escape_html(html, secure = false)
  warn "EscapeUtils.escape_html is deprecated. Use GCI.escapeHTML instead, it's faster"
  CGI.escapeHTML(html)
end

.escape_html_as_html_safe(html) ⇒ Object

# File 'lib/escape_utils.rb', line 47

def self.escape_html_as_html_safe(html)
  warn "EscapeUtils.escape_html_as_html_safe is deprecated. Use GCI.escapeHTML(str).html_safe instead, it's faster"

  escaped = CGI.escapeHTML(html)
  if String == @html_safe_string_class
    escaped
  else
    escaped = @html_safe_string_class.new(escaped)
    escaped.instance_variable_set(:@html_safe, true)
    escaped
  end
end

.escape_html_once_as_html_safe(html) ⇒ Object

# File 'lib/escape_utils.rb', line 31

def self.escape_html_once_as_html_safe(html)
  escaped = escape_html_once(html)
  if String == @html_safe_string_class
    escaped
  else
    escaped = @html_safe_string_class.new(escaped)
    escaped.instance_variable_set(:@html_safe, true)
    escaped
  end
end

.escape_url(string) ⇒ Object

# File 'lib/escape_utils.rb', line 65

def self.escape_url(string)
  warn "EscapeUtils.escape_url is deprecated. Use CGI.escape instead, performance is similar"
  CGI.escape(string)
end

.unescape_html(html) ⇒ Object

# File 'lib/escape_utils.rb', line 60

def self.unescape_html(html)
  warn "EscapeUtils.unescape_html is deprecated. Use GCI.unescapeHTML instead, performance is similar"
  CGI.unescapeHTML(html)
end

.unescape_url(string) ⇒ Object

# File 'lib/escape_utils.rb', line 70

def self.unescape_url(string)
  warn "EscapeUtils.unescape_url is deprecated. Use CGI.unescape instead, performance is similar"
  CGI.unescape(string)
end

Instance Method Details

#escape_html_once(str) ⇒ Object

HTML methods

# File 'ext/escape_utils/escape_utils.c', line 60

static VALUE rb_eu_escape_html_once(VALUE self, VALUE str)
{
	gh_buf buf = GH_BUF_INIT;
	Check_Type(str, T_STRING);
	check_utf8_encoding(str);

	if (houdini_escape_html_once(&buf, (const uint8_t *)RSTRING_PTR(str), RSTRING_LEN(str))) {
		VALUE result = rb_utf8_str_new(buf.ptr, buf.size);
		gh_buf_free(&buf);
		return result;
	}

	return str;
}

#escape_javascript(str) ⇒ Object

JavaScript methods

# File 'ext/escape_utils/escape_utils.c', line 88

static VALUE rb_eu_escape_js(VALUE self, VALUE str)
{
	return rb_eu__generic(rb_obj_as_string(str), &houdini_escape_js);
}

#escape_uri(str) ⇒ Object

URI methods

# File 'ext/escape_utils/escape_utils.c', line 101

static VALUE rb_eu_escape_uri(VALUE self, VALUE str)
{
	return rb_eu__generic(str, &houdini_escape_uri);
}

#escape_uri_component(str) ⇒ Object

URI component methods

# File 'ext/escape_utils/escape_utils.c', line 114

static VALUE rb_eu_escape_uri_component(VALUE self, VALUE str)
{
	return rb_eu__generic(str, &houdini_escape_uri_component);
}

#escape_xml(str) ⇒ Object

XML methods

# File 'ext/escape_utils/escape_utils.c', line 79

static VALUE rb_eu_escape_xml(VALUE self, VALUE str)
{
	return rb_eu__generic(str, &houdini_escape_xml);
}

#html_secure ⇒ Object

# File 'lib/escape_utils.rb', line 8

def html_secure
  warn "EscapeUtils.html_secure is deprecated"
  false
end

#html_secure=(val) ⇒ Object

# File 'lib/escape_utils.rb', line 13

def html_secure=(val)
  warn "EscapeUtils.html_secure is deprecated"
end

#unescape_javascript(str) ⇒ Object

# File 'ext/escape_utils/escape_utils.c', line 93

static VALUE rb_eu_unescape_js(VALUE self, VALUE str)
{
	return rb_eu__generic(str, &houdini_unescape_js);
}

#unescape_uri(str) ⇒ Object

# File 'ext/escape_utils/escape_utils.c', line 106

static VALUE rb_eu_unescape_uri(VALUE self, VALUE str)
{
	return rb_eu__generic(str, &houdini_unescape_uri);
}

#unescape_uri_component(str) ⇒ Object

# File 'ext/escape_utils/escape_utils.c', line 119

static VALUE rb_eu_unescape_uri_component(VALUE self, VALUE str)
{
	return rb_eu__generic(str, &houdini_unescape_uri_component);
}