require 'erb' class ERB module Util HTML_ESCAPE = { '&' => '&', '"' => '"', '>' => '>', '<' => '<' } # A utility method for escaping HTML tag characters. # This method is also aliased as h. # # In your ERb templates, use this method to escape any unsafe content. For example: # <%=h @person.name %> # # ==== Example: # puts html_escape("is a > 0 & a < 10?") # # => is a > 0 & a < 10? def html_escape(s) s.to_s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] } end end end module ActionView module TemplateHandlers class ERB < TemplateHandler def compile(template) ::ERB.new(template, nil, @view.erb_trim_mode).src end end end end