Navigation

Changeset 9241 for trunk/actionpack/lib

Timestamp:

04/08/08 04:52:01 (8 months ago)

Author:

rick

Message:

add json_escape ERB util to escape html entities in json strings that are output in HTML pages. [rick]

Files:

r8689	r9241
3	3	class ERB
4	4	module Util
5		HTML_ESCAPE = { '&' => '&', '"' => '"', '>' => '>', '<' => '<' }
	5	HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"' }
	6	JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C'}
6	7
7	8	# A utility method for escaping HTML tag characters.
…	…
17	18	s.to_s.gsub(/[&"><]/) { \|special\| HTML_ESCAPE[special] }
18	19	end
	20
	21	# A utility method for escaping HTML entities in JSON strings.
	22	# This method is also aliased as <tt>j</tt>.
	23	#
	24	# In your ERb templates, use this method to escape any HTML entities:
	25	# <%=j @person.to_json %>
	26	#
	27	# ==== Example:
	28	# puts json_escape("is a > 0 & a < 10?")
	29	# # => is a \u003E 0 \u0026 a \u003C 10?
	30	def json_escape(s)
	31	s.to_s.gsub(/[&"><]/) { \|special\| JSON_ESCAPE[special] }
	32	end
	33
	34	alias j json_escape
	35	module_function :j
	36	module_function :json_escape
19	37	end
20	38	end