module ERB::Util

def html_escape(s)

# => is a > 0 & a < 10?
puts html_escape('is a > 0 & a < 10?')

<%=h @person.name %>
In your ERB templates, use this method to escape any unsafe content. For example:

This method is also aliased as h.
A utility method for escaping HTML tag characters.

def html_escape(s)
  s = s.to_s
  if s.html_safe?
    s
  else
    s.gsub(/[&"'><]/, HTML_ESCAPE).html_safe
  end
end

def html_escape_once(s)

# => "<< Accept & Checkout"
html_escape_once('<< Accept & Checkout')

# => "1 < 2 & 3"
html_escape_once('1 < 2 & 3')

A utility method for escaping HTML without affecting existing escaped entities.

def html_escape_once(s)
  result = s.to_s.gsub(HTML_ESCAPE_ONCE_REGEXP, HTML_ESCAPE)
  s.html_safe? ? result.html_safe : result
end

def json_escape(s)

# => {name:john,created_at:2010-04-28T01:39:31Z,id:1}
json_escape('{"name":"john","created_at":"2010-04-28T01:39:31Z","id":1}')

valid JSON. In particular double quotes are removed:
Note that after this operation is performed the output is not

# => is a \u003E 0 \u0026 a \u003C 10?
json_escape('is a > 0 & a < 10?')

using \uXXXX JavaScript escape sequences for string literals:
A utility method for escaping HTML entities in JSON strings

def json_escape(s)
  result = s.to_s.gsub(JSON_ESCAPE_REGEXP, JSON_ESCAPE)
  s.html_safe? ? result.html_safe : result
end

Instance Methods

Defined in

lib/active_support/core_ext/string/output_safety.rb

Modules

Classes