Commit 0ff7a2d89fc95dcb0a32ed92aab7156b0778a7ea to rails's rails

0ff7a2d
all branches
all tags
- v2.1.0_RC1
- v2.0.3
- v2.0.2
- v2.0.1
- v2.0.0_RC2
- v2.0.0_RC1
- v2.0.0_PR
- v2.0.0
- v1.2.6
- v1.2.5
- v1.2.4
- v1.2.3
- v1.2.2
- v1.2.1
- v1.2.0_RC2
- v1.2.0_RC1
- v1.2.0
- v1.1.6
- v1.1.5
- v1.1.4
- v1.1.3
- v1.1.2
- v1.1.1
- v1.1.0_RC1
- v1.1.0
- v1.0.0
- v0.9.5
- v0.9.4.1
- v0.9.4
- v0.9.3
- v0.9.2
- v0.9.1
- v0.14.4
- v0.14.3
- v0.14.2
- v0.14.1
- v0.13.1
- v0.13.0
- v0.12.0
- v0.11.1
- v0.11.0
- v0.10.1
- v0.10.0
comments

rails / rails

this repo is viewable by everyone

Description:	Ruby on Rails
Homepage:	http://rubyonrails.org
Clone URL:	git://github.com/rails/rails.git Give this clone URL to anyone. `git clone git://github.com/rails/rails.git`

add json_escape ERB util to escape html entities in json strings that are 
output in HTML pages. [rick]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9241 
5ecf4fe2-1ee6-0310-87b1-e25e094e27de

technoweenie (author)

about 1 month ago

commit 0ff7a2d89fc95dcb0a32ed92aab7156b0778a7ea
tree af15ea4a71c680931264823859e8c71e2f6da1b5
parent 0bea3f8391e985157f3aecdf50a5d61de7aa7f0c

actionpack/CHANGELOG
actionpack/lib/action_view/template_handlers/erb.rb
actionpack/test/template/erb_util_test.rb

actionpack/CHANGELOG

0
@@ -1,5 +1,7 @@
0
 *SVN*
0
 
0
+* add json_escape ERB util to escape html entities in json strings that are output in HTML pages. [rick]
0
+
0
 * Provide a helper proxy to access helper methods from outside views. Closes #10839 [Josh Peek]
0
   e.g. ApplicationController.helpers.simple_format(text)
0

actionpack/lib/action_view/template_handlers/erb.rb

0
@@ -2,7 +2,8 @@ require 'erb'
0
 
0
 class ERB
0
   module Util
0
-    HTML_ESCAPE = { '&' => '&amp;', '"' => '&quot;', '>' => '&gt;', '<' => '&lt;' }
0
+    HTML_ESCAPE = { '&' => '&amp;',  '>' => '&gt;',   '<' => '&lt;', '"' => '&quot;' }
0
+    JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C'}
0
 
0
     # A utility method for escaping HTML tag characters.
0
     # This method is also aliased as <tt>h</tt>.
0
@@ -16,6 +17,23 @@ class ERB
0
     def html_escape(s)
0
       s.to_s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }
0
     end
0
+
0
+    # A utility method for escaping HTML entities in JSON strings.
0
+    # This method is also aliased as <tt>j</tt>.
0
+    #
0
+    # In your ERb templates, use this method to escape any HTML entities:
0
+    #   <%=j @person.to_json %>
0
+    #
0
+    # ==== Example:
0
+    #   puts json_escape("is a > 0 & a < 10?")
0
+    #   # => is a \u003E 0 \u0026 a \u003C 10?
0
+    def json_escape(s)
0
+      s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
0
+    end
0
+
0
+    alias j json_escape
0
+    module_function :j
0
+    module_function :json_escape
0
   end
0
 end
0

actionpack/test/template/erb_util_test.rb

0
@@ -2,21 +2,17 @@ require 'abstract_unit'
0
 
0
 class ErbUtilTest < Test::Unit::TestCase
0
   include ERB::Util
0
-  
0
-  def test_amp
0
-    assert_equal '&amp;', html_escape('&')
0
-  end
0
-  
0
-  def test_quot
0
-    assert_equal '&quot;', html_escape('"')
0
-  end
0
 
0
-  def test_lt
0
-    assert_equal '&lt;', html_escape('<')
0
-  end
0
+  ERB::Util::HTML_ESCAPE.each do |given, expected|
0
+    define_method "test_html_escape_#{expected.gsub /\W/, ''}" do
0
+      assert_equal expected, html_escape(given)
0
+    end
0
 
0
-  def test_gt
0
-    assert_equal '&gt;', html_escape('>')
0
+    unless given == '"'
0
+      define_method "test_json_escape_#{expected.gsub /\W/, ''}" do
0
+        assert_equal ERB::Util::JSON_ESCAPE[given], json_escape(given)
0
+      end
0
+    end
0
   end
0
   
0
   def test_rest_in_ascii

Comments

No one has commented yet.