module ERB::Util

def html_escape(s)

# => is a > 0 & a < 10?
puts html_escape("is a > 0 & a < 10?")
==== Example:

<%=h @person.name %>
In your ERB templates, use this method to escape any unsafe content. For example:

This method is also aliased as h.
A utility method for escaping HTML tag characters.

def html_escape(s)
  s = s.to_s
  if s.html_safe?
    s
  else
    s.gsub(/[&"'><]/, HTML_ESCAPE).html_safe
  end
end

def html_escape(s) #:nodoc:

:nodoc:

def html_escape(s) #:nodoc:
  s = s.to_s
  if s.html_safe?
    s
  else
    s.gsub(/[&"'><]/n) { |special| HTML_ESCAPE[special] }.html_safe
  end
end

def json_escape(s)

<%=j @person.to_json %>

in Rails templates:
This method is also aliased as +j+, and available as a helper

# => {name:john,created_at:2010-04-28T01:39:31Z,id:1}
json_escape('{"name":"john","created_at":"2010-04-28T01:39:31Z","id":1}')

valid JSON. In particular double quotes are removed:
Note that after this operation is performed the output is not

# => is a \u003E 0 \u0026 a \u003C 10?
json_escape("is a > 0 & a < 10?")

using \uXXXX JavaScript escape sequences for string literals:
A utility method for escaping HTML entities in JSON strings

def json_escape(s)
  result = s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
  s.html_safe? ? result.html_safe : result
end

Instance Methods

Defined in

lib/active_support/core_ext/string/output_safety.rb

Modules

Classes