diff options
Diffstat (limited to 'actionpack/lib/action_view/template_handlers/erb.rb')
-rw-r--r-- | actionpack/lib/action_view/template_handlers/erb.rb | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/actionpack/lib/action_view/template_handlers/erb.rb b/actionpack/lib/action_view/template_handlers/erb.rb index 3389c124eb..6535dd2e25 100644 --- a/actionpack/lib/action_view/template_handlers/erb.rb +++ b/actionpack/lib/action_view/template_handlers/erb.rb @@ -2,7 +2,8 @@ require 'erb' class ERB module Util - HTML_ESCAPE = { '&' => '&', '"' => '"', '>' => '>', '<' => '<' } + HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"' } + JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C'} # A utility method for escaping HTML tag characters. # This method is also aliased as <tt>h</tt>. @@ -16,6 +17,23 @@ class ERB def html_escape(s) s.to_s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] } end + + # A utility method for escaping HTML entities in JSON strings. + # This method is also aliased as <tt>j</tt>. + # + # In your ERb templates, use this method to escape any HTML entities: + # <%=j @person.to_json %> + # + # ==== Example: + # puts json_escape("is a > 0 & a < 10?") + # # => is a \u003E 0 \u0026 a \u003C 10? + def json_escape(s) + s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] } + end + + alias j json_escape + module_function :j + module_function :json_escape end end |