From 0ff7a2d89fc95dcb0a32ed92aab7156b0778a7ea Mon Sep 17 00:00:00 2001 From: Rick Olson Date: Tue, 8 Apr 2008 04:52:01 +0000 Subject: add json_escape ERB util to escape html entities in json strings that are output in HTML pages. [rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9241 5ecf4fe2-1ee6-0310-87b1-e25e094e27de --- actionpack/lib/action_view/template_handlers/erb.rb | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'actionpack/lib/action_view') diff --git a/actionpack/lib/action_view/template_handlers/erb.rb b/actionpack/lib/action_view/template_handlers/erb.rb index 3389c124eb..6535dd2e25 100644 --- a/actionpack/lib/action_view/template_handlers/erb.rb +++ b/actionpack/lib/action_view/template_handlers/erb.rb @@ -2,7 +2,8 @@ require 'erb' class ERB module Util - HTML_ESCAPE = { '&' => '&', '"' => '"', '>' => '>', '<' => '<' } + HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"' } + JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C'} # A utility method for escaping HTML tag characters. # This method is also aliased as h. @@ -16,6 +17,23 @@ class ERB def html_escape(s) s.to_s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] } end + + # A utility method for escaping HTML entities in JSON strings. + # This method is also aliased as j. + # + # In your ERb templates, use this method to escape any HTML entities: + # <%=j @person.to_json %> + # + # ==== Example: + # puts json_escape("is a > 0 & a < 10?") + # # => is a \u003E 0 \u0026 a \u003C 10? + def json_escape(s) + s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] } + end + + alias j json_escape + module_function :j + module_function :json_escape end end -- cgit v1.2.3