html_escape and escape_javascript in Rails
ERB::Util (activesupport/lib/active_support/core_ext/string/output_safety.rb)

html_escape(s)

A utility method for escaping HTML tag characters. This method is also aliased as h.

In your ERB templates, use this method to escape any unsafe content. For example:

    <%= h @person.name %>

Example:

    puts html_escape("is a > 0 & a < 10?")
    # => is a &gt; 0 &amp; a &lt; 10?

Also aliased as: h

Source:
    # File activesupport/lib/active_support/core_ext/string/output_safety.rb, line 18
    def html_escape(s)
      s = s.to_s
      if s.html_safe?
        # Already marked safe (e.g. output of another helper): pass through untouched.
        s
      else
        # Only &, ", > and < are replaced; a single quote is left as-is, so this
        # is not sufficient inside a single-quoted attribute value.
        s.gsub(/&/, "&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;").html_safe
      end
    end
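The following is an added example, not code from the Rails source or from this post. It copies the four replacements of the html_escape listed above into plain Ruby (the html_safe?/html_safe marking is dropped so it runs without ActiveSupport) and shows the consequence of the listing's behaviour on single quotes: an escaped value is safe inside a double-quoted attribute but can close a single-quoted one. The inputs, the attribute_names tokenizer and the two template helpers are constructed for this example.

```ruby
require 'strscan'

# Standalone copy of the html_escape shown above (added example, not the
# ActiveSupport source). The html_safe?/html_safe handling is dropped so the
# block runs without ActiveSupport; the four replacements are the ones in the
# listing, and nothing else (in particular, ' is left alone).
def html_escape(s)
  s.to_s.gsub(/&/, "&amp;").gsub(/"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
end

# Constructed inputs: the doc example, plus two attribute-breakout attempts,
# one aimed at a double-quoted attribute and one at a single-quoted one.
SAMPLE_TEXT = "is a > 0 & a < 10?"
DQ_PAYLOAD  = %q(" onmouseover="alert(1))
SQ_PAYLOAD  = %q(' onmouseover='alert(1))

# Template fragments in the style of <%= h @person.name %>, interpolated here
# by plain Ruby instead of ERB.
def double_quoted_attr(value)
  %(<a title="#{html_escape(value)}">x</a>)
end

def single_quoted_attr(value)
  %(<a title='#{html_escape(value)}'>x</a>)
end

# Minimal attribute tokenizer for a single <a ...> start tag: returns the
# attribute names a browser-like parser would see. Quoted values are consumed
# whole, so an escaped quote inside a value never starts a new attribute.
def attribute_names(tag)
  body = tag[/\A<a\s+(.*?)>/m, 1] or return []
  s = StringScanner.new(body)
  names = []
  until s.eos?
    s.skip(/\s+/)
    name = s.scan(/[A-Za-z][A-Za-z0-9-]*/) or break
    names << name
    s.scan(/"[^"]*"|'[^']*'|\S*/) if s.scan(/=/)
  end
  names
end

if __FILE__ == $PROGRAM_NAME
  puts html_escape(SAMPLE_TEXT)
  puts double_quoted_attr(DQ_PAYLOAD), attribute_names(double_quoted_attr(DQ_PAYLOAD)).inspect
  puts single_quoted_attr(SQ_PAYLOAD), attribute_names(single_quoted_attr(SQ_PAYLOAD)).inspect
end
```

The double-quoted case yields a single title attribute because every " in the value became &quot;. The single-quoted case yields a second attribute, onmouseover, because the helper above never rewrites '. With this version of the helper, always quote attribute values with double quotes in templates.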
ActionView::Helpers::JavaScriptHelper (actionpack/lib/action_view/helpers/javascript_helper.rb)

escape_javascript(javascript)

Escapes carriage returns and single and double quotes for JavaScript segments. Also available through the alias j(). This is particularly helpful in JavaScript responses, like:

    $('some_element').replaceWith('<%=j render 'some/element_template' %>');

Also aliased as: j

Source:
    # File actionpack/lib/action_view/helpers/javascript_helper.rb, line 19
    def escape_javascript(javascript)
      if javascript
        # Besides line breaks and quotes, the pattern also matches a backslash
        # and the two-character sequence </, so a rendered "</script>" cannot
        # terminate the enclosing <script> element.
        result = javascript.gsub(/(\\|<\/|\r\n|[\n\r"'])/) { |match| JS_ESCAPE_MAP[match] }
        # Preserve the html_safe marking of the input on the result.
        javascript.html_safe? ? result.html_safe : result
      else
        ''
      end
    end