erb.rb

Revision 9241, 1.6 kB (checked in by rick, 2 years ago)
add json_escape ERB util to escape html entities in json strings that are output in HTML pages. [rick]

Line
1	require 'erb'
2
3	class ERB
4	module Util
5	HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"' }
6	JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C'}
7
8	# A utility method for escaping HTML tag characters.
9	# This method is also aliased as <tt>h</tt>.
10	#
11	# In your ERb templates, use this method to escape any unsafe content. For example:
12	# <%=h @person.name %>
13	#
14	# ==== Example:
15	# puts html_escape("is a > 0 & a < 10?")
16	# # => is a > 0 & a < 10?
17	def html_escape(s)
18	s.to_s.gsub(/[&"><]/) { \|special\| HTML_ESCAPE[special] }
19	end
20
21	# A utility method for escaping HTML entities in JSON strings.
22	# This method is also aliased as <tt>j</tt>.
23	#
24	# In your ERb templates, use this method to escape any HTML entities:
25	# <%=j @person.to_json %>
26	#
27	# ==== Example:
28	# puts json_escape("is a > 0 & a < 10?")
29	# # => is a \u003E 0 \u0026 a \u003C 10?
30	def json_escape(s)
31	s.to_s.gsub(/[&"><]/) { \|special\| JSON_ESCAPE[special] }
32	end
33
34	alias j json_escape
35	module_function :j
36	module_function :json_escape
37	end
38	end
39
40	module ActionView
41	module TemplateHandlers
42	class ERB < TemplateHandler
43	include Compilable
44
45	def compile(template)
46	::ERB.new(template, nil, @view.erb_trim_mode).src
47	end
48
49	def cache_fragment(block, name = {}, options = nil) #:nodoc:
50	@view.fragment_for(block, name, options) do
51	eval(ActionView::Base.erb_variable, block.binding)
52	end
53	end
54	end
55	end
56	end

Note: See TracBrowser for help on using the browser.

Rails Trac