blob: 60a4478c269f97143e01f2ddd6da5b65233f4765 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
require 'active_support/core_ext/string/output_safety'
module ActionView #:nodoc:
# = Action View Raw Output Helper
module Helpers #:nodoc:
module OutputSafetyHelper
# This method outputs without escaping a string. Since escaping tags is
# now default, this can be used when you don't want Rails to automatically
# escape tags. This is not recommended if the data is coming from the user's
# input.
#
# For example:
#
# raw @user.name
# # => 'Jimmy <alert>Tables</alert>'
def raw(stringish)
stringish.to_s.html_safe
end
# This method returns a html safe string similar to what <tt>Array#join</tt>
# would return. All items in the array, including the supplied separator, are
# html escaped unless they are html safe, and the returned string is marked
# as html safe.
#
# safe_join(["<p>foo</p>".html_safe, "<p>bar</p>"], "<br />")
# # => "<p>foo</p><br /><p>bar</p>"
#
# safe_join(["<p>foo</p>".html_safe, "<p>bar</p>".html_safe], "<br />".html_safe)
# # => "<p>foo</p><br /><p>bar</p>"
#
def safe_join(array, sep=$,)
sep = ERB::Util.html_escape(sep)
array.map { |i| ERB::Util.html_escape(i) }.join(sep).html_safe
end
end
end
end
|
