
add json_escape ERB util to escape html entities in json strings that…

… are output in HTML pages. [rick]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9241 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
commit 0ff7a2d89fc95dcb0a32ed92aab7156b0778a7ea 1 parent 0bea3f8
risk danger olson authored April 08, 2008
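--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
 
+* add json_escape ERB util to escape html entities in json strings that are output in HTML pages. [rick]
+
 * Provide a helper proxy to access helper methods from outside views. Closes #10839 [Josh Peek]
   e.g. ApplicationController.helpers.simple_format(text)
 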
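--- a/actionpack/lib/action_view/template_handlers/erb.rb
+++ b/actionpack/lib/action_view/template_handlers/erb.rb
@@ -2,7 +2,8 @@
 
 class ERB
   module Util
-    HTML_ESCAPE = { '&' => '&amp;', '"' => '&quot;', '>' => '&gt;', '<' => '&lt;' }
+    HTML_ESCAPE = { '&' => '&amp;',  '>' => '&gt;',   '<' => '&lt;', '"' => '&quot;' }
+    JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C'}
 
     # A utility method for escaping HTML tag characters.
     # This method is also aliased as <tt>h</tt>.
@@ -16,6 +17,23 @@ module Util
     def html_escape(s)
       s.to_s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }
     end
+
+    # A utility method for escaping HTML entities in JSON strings.
+    # This method is also aliased as <tt>j</tt>.
+    #
+    # In your ERb templates, use this method to escape any HTML entities:
+    #   <%=j @person.to_json %>
+    #
+    # ==== Example:
+    #   puts json_escape("is a > 0 & a < 10?")
+    #   # => is a \u003E 0 \u0026 a \u003C 10?
+    def json_escape(s)
+      s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
+    end
+
+    alias j json_escape
+    module_function :j
+    module_function :json_escape
   end
 end
 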
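Review bot: `json_escape` deletes every double quote from its input: the character class `/[&"><]/` was carried over from `html_escape` and still matches `"`, but `JSON_ESCAPE` has no `"` key, so the block returns nil and `gsub` substitutes an empty string. The documented use `<%=j @person.to_json %>` would therefore emit JSON with its string delimiters stripped, which corrupts the payload instead of making it safe to embed. Restrict the pattern to the characters the table covers, `s.to_s.gsub(/[&><]/) { |special| JSON_ESCAPE[special] }`. The doc comment could also say that quotes are left untouched, so the result is not a replacement for `html_escape` inside an HTML attribute value. The `unless given == '"'` guard in erb_util_test.rb skips exactly this input, so the suite does not catch it.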
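--- a/actionpack/test/template/erb_util_test.rb
+++ b/actionpack/test/template/erb_util_test.rb
@@ -2,21 +2,17 @@
 
 class ErbUtilTest < Test::Unit::TestCase
   include ERB::Util
-  
-  def test_amp
-    assert_equal '&amp;', html_escape('&')
-  end
-  
-  def test_quot
-    assert_equal '&quot;', html_escape('"')
-  end
 
-  def test_lt
-    assert_equal '&lt;', html_escape('<')
-  end
+  ERB::Util::HTML_ESCAPE.each do |given, expected|
+    define_method "test_html_escape_#{expected.gsub /\W/, ''}" do
+      assert_equal expected, html_escape(given)
+    end
 
-  def test_gt
-    assert_equal '&gt;', html_escape('>')
+    unless given == '"'
+      define_method "test_json_escape_#{expected.gsub /\W/, ''}" do
+        assert_equal ERB::Util::JSON_ESCAPE[given], json_escape(given)
+      end
+    end
   end
   
   def test_rest_in_ascii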
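Review bot: The generated tests read their expected values from the same tables the helpers use (`expected` from `HTML_ESCAPE`, and `ERB::Util::JSON_ESCAPE[given]`), so a wrong or missing table entry still passes, and the `unless given == '"'` guard leaves `json_escape('"')` untested altogether. The removed tests pinned literals; keep at least one literal assertion per helper, for example `assert_equal '\u003C', json_escape('<')`, plus `assert_equal '"', json_escape('"')` to state that a quote should come back unchanged. `expected.gsub /\W/, ''` without parentheses is also likely to draw Ruby's ambiguous-first-argument warning under `-w`; `expected.gsub(/\W/, '')` avoids it. The `ErbUtilTest` class continues past the end of this hunk.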
