Module: ERB::Util

Included in:
ActionView::Base
Defined in:
activesupport/lib/active_support/core_ext/string/output_safety.rb

Constant Summary collapse

HTML_ESCAPE =
{ '&' => '&amp;',  '>' => '&gt;',   '<' => '&lt;', '"' => '&quot;', "'" => '&#x27;' }
JSON_ESCAPE =
{ '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' }

Class Method Summary collapse

Class Method Details

.hObject

:nodoc:



40
41
42
43
44
45
46
47
# File 'activesupport/lib/active_support/core_ext/string/output_safety.rb', line 40

def html_escape(s)
  s = s.to_s
  if s.html_safe?
    s
  else
    s.gsub(/[&"'><]/, HTML_ESCAPE).html_safe
  end
end

.html_escape(s) ⇒ Object

:nodoc:



19
20
21
22
23
24
25
26
# File 'activesupport/lib/active_support/core_ext/string/output_safety.rb', line 19

def html_escape(s)
  s = s.to_s
  if s.html_safe?
    s
  else
    s.gsub(/[&"'><]/, HTML_ESCAPE).html_safe
  end
end

.jObject

A utility method for escaping HTML entities in JSON strings using uXXXX JavaScript escape sequences for string literals:

json_escape("is a > 0 & a < 10?")
# => is a \u003E 0 \u0026 a \u003C 10?

Note that after this operation is performed the output is not valid JSON. In particular double quotes are removed:

json_escape('{"name":"john","created_at":"2010-04-28T01:39:31Z","id":1}')
# => {name:john,created_at:2010-04-28T01:39:31Z,id:1}

This method is also aliased as j, and available as a helper in Rails templates:

<%=j @person.to_json %>


69
70
71
72
# File 'activesupport/lib/active_support/core_ext/string/output_safety.rb', line 69

def json_escape(s)
  result = s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
  s.html_safe? ? result.html_safe : result
end

.json_escape(s) ⇒ Object

A utility method for escaping HTML entities in JSON strings using uXXXX JavaScript escape sequences for string literals:

json_escape("is a > 0 & a < 10?")
# => is a \u003E 0 \u0026 a \u003C 10?

Note that after this operation is performed the output is not valid JSON. In particular double quotes are removed:

json_escape('{"name":"john","created_at":"2010-04-28T01:39:31Z","id":1}')
# => {name:john,created_at:2010-04-28T01:39:31Z,id:1}

This method is also aliased as j, and available as a helper in Rails templates:

<%=j @person.to_json %>


64
65
66
67
# File 'activesupport/lib/active_support/core_ext/string/output_safety.rb', line 64

def json_escape(s)
  result = s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
  s.html_safe? ? result.html_safe : result
end