Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

add json_escape ERB util to escape html entities in json strings that…

… are output in HTML pages. [rick]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9241 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information...
commit 0ff7a2d89fc95dcb0a32ed92aab7156b0778a7ea 1 parent 0bea3f8
@technoweenie technoweenie authored
View
2  actionpack/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* add json_escape ERB util to escape html entities in json strings that are output in HTML pages. [rick]
+
* Provide a helper proxy to access helper methods from outside views. Closes #10839 [Josh Peek]
e.g. ApplicationController.helpers.simple_format(text)
View
20 actionpack/lib/action_view/template_handlers/erb.rb
@@ -2,7 +2,8 @@
class ERB
module Util
- HTML_ESCAPE = { '&' => '&amp;', '"' => '&quot;', '>' => '&gt;', '<' => '&lt;' }
+ HTML_ESCAPE = { '&' => '&amp;', '>' => '&gt;', '<' => '&lt;', '"' => '&quot;' }
+ JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C'}
# A utility method for escaping HTML tag characters.
# This method is also aliased as <tt>h</tt>.
@@ -16,6 +17,23 @@ module Util
def html_escape(s)
s.to_s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }
end
+
+ # A utility method for escaping HTML entities in JSON strings.
+ # This method is also aliased as <tt>j</tt>.
+ #
+ # In your ERb templates, use this method to escape any HTML entities:
+ # <%=j @person.to_json %>
+ #
+ # ==== Example:
+ # puts json_escape("is a > 0 & a < 10?")
+ # # => is a \u003E 0 \u0026 a \u003C 10?
+ def json_escape(s)
+ s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
+ end
+
+ alias j json_escape
+ module_function :j
+ module_function :json_escape
end
end
View
22 actionpack/test/template/erb_util_test.rb
@@ -2,21 +2,17 @@
class ErbUtilTest < Test::Unit::TestCase
include ERB::Util
-
- def test_amp
- assert_equal '&amp;', html_escape('&')
- end
-
- def test_quot
- assert_equal '&quot;', html_escape('"')
- end
- def test_lt
- assert_equal '&lt;', html_escape('<')
- end
+ ERB::Util::HTML_ESCAPE.each do |given, expected|
+ define_method "test_html_escape_#{expected.gsub /\W/, ''}" do
+ assert_equal expected, html_escape(given)
+ end
- def test_gt
- assert_equal '&gt;', html_escape('>')
+ unless given == '"'
+ define_method "test_json_escape_#{expected.gsub /\W/, ''}" do
+ assert_equal ERB::Util::JSON_ESCAPE[given], json_escape(given)
+ end
+ end
end
def test_rest_in_ascii
Please sign in to comment.
Something went wrong with that request. Please try again.