diff options
Diffstat (limited to 'actionpack/lib/action_view/template_handlers')
-rw-r--r-- | actionpack/lib/action_view/template_handlers/erb.rb | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/actionpack/lib/action_view/template_handlers/erb.rb b/actionpack/lib/action_view/template_handlers/erb.rb index 022fc362e7..87cb09952c 100644 --- a/actionpack/lib/action_view/template_handlers/erb.rb +++ b/actionpack/lib/action_view/template_handlers/erb.rb @@ -4,6 +4,15 @@ class ERB module Util HTML_ESCAPE = { '&' => '&', '"' => '"', '>' => '>', '<' => '<' } + # A utility method for escaping HTML tag characters. + # This method is also aliased as <tt>h</tt>. + # + # In your ERb templates, use this method to escape any unsafe content. For example: + # <%=h @person.name %> + # + # ==== Example: + # puts html_escape("is a > 0 & a < 10?") + # # => is a > 0 & a < 10? def html_escape(s) s.to_s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] } end |