Methods
Constants
HTML_ESCAPE | = | { '&' => '&', '>' => '>', '<' => '<', '"' => '"', "'" => ''' } |
JSON_ESCAPE | = | { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' } |
HTML_ESCAPE_ONCE_REGEXP | = | /["><']|&(?!([a-zA-Z]+|(#\d+));)/ |
JSON_ESCAPE_REGEXP | = | /[&"><]/ |
Class Public methods
h(s)
Link
html_escape(s)
Link
A utility method for escaping HTML tag
characters. This method is also aliased as h
.
In your ERB templates, use this method to escape any unsafe content. For example:
<%=h @person.name %> puts html_escape('is a > 0 & a < 10?') # => is a > 0 & a < 10?
Also aliased as: h
html_escape_once(s)
Link
A utility method for escaping HTML without affecting existing escaped entities.
html_escape_once('1 < 2 & 3') # => "1 < 2 & 3" html_escape_once('<< Accept & Checkout') # => "<< Accept & Checkout"
json_escape(s)
Link
A utility method for escaping HTML entities in JSON strings using uXXXX JavaScript escape sequences for string literals:
json_escape('is a > 0 & a < 10?') # => is a \u003E 0 \u0026 a \u003C 10?
Note that after this operation is performed the output is not valid JSON. In particular double quotes are removed:
json_escape('{"name":"john","created_at":"2010-04-28T01:39:31Z","id":1}') # => {name:john,created_at:2010-04-28T01:39:31Z,id:1}