Module ERB::Util
In: vendor/rails/activesupport/lib/active_support/core_ext/string/output_safety.rb

Methods

h   html_escape   j   json_escape  

Constants

HTML_ESCAPE = { '&' => '&amp;', '>' => '&gt;', '<' => '&lt;', '"' => '&quot;' }
JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' }

Public Instance methods

h(s)

Alias for html_escape

html_escape(s)

A utility method for escaping HTML tag characters. This method is also aliased as h.

In your ERb templates, use this method to escape any unsafe content. For example: 

  <%=h @person.name %>

Example:

  puts html_escape("is a > 0 & a < 10?")
  # => is a &gt; 0 &amp; a &lt; 10?

[Source]

    # File vendor/rails/activesupport/lib/active_support/core_ext/string/output_safety.rb, line 33
33:     def html_escape(s)
34:       s = s.to_s
35:       if s.html_safe?
36:         s
37:       else
38:         s.to_s.gsub(/&/, "&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;").html_safe
39:       end
40:     end
j(s)

Alias for json_escape

json_escape(s)

A utility method for escaping HTML entities in JSON strings. This method is also aliased as j.

In your ERb templates, use this method to escape any HTML entities: 

  <%=j @person.to_json %>

Example:

  puts json_escape("is a > 0 & a < 10?")
  # => is a \u003E 0 \u0026 a \u003C 10?

[Source]

    # File vendor/rails/activesupport/lib/active_support/core_ext/string/output_safety.rb, line 57
57:     def json_escape(s)
58:       s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
59:     end

[Validate]