Methods
Constants
| HTML_ESCAPE | = | { '&' => '&', '>' => '>', '<' => '<', '"' => '"' } |
| JSON_ESCAPE | = | { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' } |
Public Instance methods
Alias for html_escape
A utility method for escaping HTML tag characters. This method is also aliased as h.
In your ERb templates, use this method to escape any unsafe content. For example:
<%=h @person.name %>
Example:
puts html_escape("is a > 0 & a < 10?")
# => is a > 0 & a < 10?
This method is also aliased as
h
[ show source ]
# File activesupport/lib/active_support/core_ext/string/output_safety.rb, line 17
17: def html_escape(s)
18: s = s.to_s
19: if s.html_safe?
20: s
21: else
22: s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }.html_safe
23: end
24: end
Alias for json_escape
A utility method for escaping HTML entities in JSON strings. This method is also aliased as j.
In your ERb templates, use this method to escape any HTML entities:
<%=j @person.to_json %>
Example:
puts json_escape("is a > 0 & a < 10?")
# => is a \u003E 0 \u0026 a \u003C 10?
This method is also aliased as
j
[ show source ]
# File activesupport/lib/active_support/core_ext/string/output_safety.rb, line 41
41: def json_escape(s)
42: s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
43: end