diff options
| author | Rick Olson <technoweenie@gmail.com> | 2008-04-08 04:52:01 +0000 |
|---|---|---|
| committer | Rick Olson <technoweenie@gmail.com> | 2008-04-08 04:52:01 +0000 |
| commit | 0ff7a2d89fc95dcb0a32ed92aab7156b0778a7ea (patch) | |
| tree | af15ea4a71c680931264823859e8c71e2f6da1b5 | |
| parent | 0bea3f8391e985157f3aecdf50a5d61de7aa7f0c (diff) | |
| download | rails-0ff7a2d89fc95dcb0a32ed92aab7156b0778a7ea.tar.gz rails-0ff7a2d89fc95dcb0a32ed92aab7156b0778a7ea.tar.bz2 rails-0ff7a2d89fc95dcb0a32ed92aab7156b0778a7ea.zip | |
add json_escape ERB util to escape html entities in json strings that are output in HTML pages. [rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9241 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
| -rw-r--r-- | actionpack/CHANGELOG | 2 | ||||
| -rw-r--r-- | actionpack/lib/action_view/template_handlers/erb.rb | 20 | ||||
| -rw-r--r-- | actionpack/test/template/erb_util_test.rb | 22 |
3 files changed, 30 insertions, 14 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index fe9e2ebd5f..dd1447a25e 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,5 +1,7 @@ *SVN* +* add json_escape ERB util to escape html entities in json strings that are output in HTML pages. [rick] + * Provide a helper proxy to access helper methods from outside views. Closes #10839 [Josh Peek] e.g. ApplicationController.helpers.simple_format(text) diff --git a/actionpack/lib/action_view/template_handlers/erb.rb b/actionpack/lib/action_view/template_handlers/erb.rb index 3389c124eb..6535dd2e25 100644 --- a/actionpack/lib/action_view/template_handlers/erb.rb +++ b/actionpack/lib/action_view/template_handlers/erb.rb @@ -2,7 +2,8 @@ require 'erb' class ERB module Util - HTML_ESCAPE = { '&' => '&', '"' => '"', '>' => '>', '<' => '<' } + HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"' } + JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C'} # A utility method for escaping HTML tag characters. # This method is also aliased as <tt>h</tt>. @@ -16,6 +17,23 @@ class ERB def html_escape(s) s.to_s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] } end + + # A utility method for escaping HTML entities in JSON strings. + # This method is also aliased as <tt>j</tt>. + # + # In your ERb templates, use this method to escape any HTML entities: + # <%=j @person.to_json %> + # + # ==== Example: + # puts json_escape("is a > 0 & a < 10?") + # # => is a \u003E 0 \u0026 a \u003C 10? + def json_escape(s) + s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] } + end + + alias j json_escape + module_function :j + module_function :json_escape end end diff --git a/actionpack/test/template/erb_util_test.rb b/actionpack/test/template/erb_util_test.rb index fe599115df..c8c986f218 100644 --- a/actionpack/test/template/erb_util_test.rb +++ b/actionpack/test/template/erb_util_test.rb @@ -2,21 +2,17 @@ require 'abstract_unit' class ErbUtilTest < Test::Unit::TestCase include ERB::Util - - def test_amp - assert_equal '&', html_escape('&') - end - - def test_quot - assert_equal '"', html_escape('"') - end - def test_lt - assert_equal '<', html_escape('<') - end + ERB::Util::HTML_ESCAPE.each do |given, expected| + define_method "test_html_escape_#{expected.gsub /\W/, ''}" do + assert_equal expected, html_escape(given) + end - def test_gt - assert_equal '>', html_escape('>') + unless given == '"' + define_method "test_json_escape_#{expected.gsub /\W/, ''}" do + assert_equal ERB::Util::JSON_ESCAPE[given], json_escape(given) + end + end end def test_rest_in_ascii |