Class: CGI

Inherits:

Object

Object
CGI

show all

Defined in:: lib/standard/facets/cgi/esc.rb,
lib/standard/facets/cgi/marshal.rb,
lib/standard/facets/cgi/escape_html.rb

Class Method Summary collapse

.escape_xhtml(string, *modes) ⇒ Object

Extended HTML/XHTML escaping with mode support.

Instance Method Summary collapse

#esc(string, *modes) ⇒ Object

Instance level method for escape_html.
#marshal_from_cgi(name) ⇒ Object

Create an hidden input field through which an object can can be marshalled.
#marshal_to_cgi(name, iobj) ⇒ Object

Create an hidden input field through which an object can can be marshalled.

Class Method Details

.escape_xhtml(string, *modes) ⇒ `Object`

Extended HTML/XHTML escaping with mode support. Unlike Ruby’s built-in CGI.escape_html, this supports additional escape modes.

Available modes:

:quote - escapes single and double quotes
:newlines - escapes newline characters (\r and \n)
:ampersand - escapes the ampersand sign
:brackets - escapes less-than and greater-than signs
:default - escapes double quotes

By default all strings are escaped on ‘&`, `>`, `<` and `“`.

Examples:

CGI.escape_xhtml("<tag>")  #=> "&lt;tag&gt;"
CGI.escape_xhtml("Example\nString", :newlines)  #=> "Example&#13;&#10;String"
CGI.escape_xhtml("\"QUOTE\"", false)  #=> "\"QUOTE\""

# File 'lib/standard/facets/cgi/escape_html.rb', line 22

def self.escape_xhtml(string, *modes)
  modes << :default if modes.empty?

  unless modes.include?(:nonstandard)
    string = string.gsub(/&/, '&amp;').gsub(/>/, '&gt;').gsub(/</, '&lt;')
  end

  modes.each do |mode|
    string = \
      case mode
      when :quote, :quotes
        string.gsub(%r|"|,'&quot;').gsub(%r|'|,'&#39;')
      when :newlines
        string.gsub(/[\r\n]+/,'&#13;&#10;')
      when :ampersand
        string.gsub(/&/, '&amp;')
      when :bracket, :brackets
        string.gsub(/>/, '&gt;').gsub(/</, '&lt;')
      when :default, true
        string.gsub(/\"/, '&quot;')
      when false
        string
      else
        raise ArgumentError, "unrecognized HTML escape mode -- #{mode}"
      end
  end

  string
end

Instance Method Details

#esc(string, *modes) ⇒ `Object`

Instance level method for escape_html.



7
8
9

# File 'lib/standard/facets/cgi/esc.rb', line 7

def esc(string, *modes)
  self.class.escape_html(string, *modes)
end

#marshal_from_cgi(name) ⇒ `Object`

Create an hidden input field through which an object can can be marshalled. This makes it very easy to pass form data between requests.

# File 'lib/standard/facets/cgi/marshal.rb', line 14

def marshal_from_cgi(name)
  if self.params.has_key?("__#{name}__")
    return Marshal.load(CGI.unescape(self["__#{name}__"][0]))
  end
end

#marshal_to_cgi(name, iobj) ⇒ `Object`

Create an hidden input field through which an object can can be marshalled. This makes it very easy to pass form data betwenn requests.

# File 'lib/standard/facets/cgi/marshal.rb', line 7

def marshal_to_cgi(name, iobj)
  data = CGI.escape(Marshal.dump(iobj))
  return %Q{<input type="hidden" name="__#{name}__" value="#{data}"/>\n}
end