Module: Inversion::Escaping

Included in:: Template::EscapeTag, Template::PpTag, Template::UriencodeTag

Defined in:: lib/inversion/mixins.rb

Overview

A mixin that adds configurable escaping to a tag class.

class MyTag < Inversion::Template::Tag
    include Inversion::Escaping

    def render( renderstate )
        val = self.get_rendered_value
        return self.escape( val.to_s, renderstate )
    end
end

To add a new kind of escaping to Inversion, add a #escape_<formatname> method to this module similar to #escape_html.

Constant Summary collapse

DEFAULT_ESCAPE_FORMAT = The fallback escape format

:none

URI_ENCODED_CHARACTERS = Unreserved characters from section 2.3 of RFC 3986 ALPHA / DIGIT / “-” / “.” / “_” / “~”

/[^\w\-\.~]/

Class Method Summary collapse

.included(mod) ⇒ Object

Inclusion callback; add Loggability if it isn’t already present.

Instance Method Summary collapse

#escape(output, render_state) ⇒ Object

Escape the output using the format specified by the given render_state‘s config.
#escape_html(output) ⇒ Object

Escape the given output using HTML entity-encoding.
#escape_uri(output) ⇒ Object

Escape the given output using the encoding specified in RFC3986 (URIs).

Class Method Details

.included(mod) ⇒ `Object`

Inclusion callback; add Loggability if it isn’t already present

# File 'lib/inversion/mixins.rb', line 139

def self::included( mod )
  super
  unless mod < Loggability
    mod.extend( Loggability )
    mod.log_to( :inversion )
  end
end

Instance Method Details

#escape(output, render_state) ⇒ `Object`

Escape the output using the format specified by the given render_state‘s config.

# File 'lib/inversion/mixins.rb', line 149

def escape( output, render_state )
  format = render_state.options[:escape_format] || DEFAULT_ESCAPE_FORMAT
  return output if format == :none

  unless self.respond_to?( "escape_#{format}" )
    self.log.error "Format %p not supported. To add support, define a #escape_%s to %s" %
      [ format, format, __FILE__ ]
    raise Inversion::OptionsError, "No such escape format %p" % [ format ]
  end

  return self.__send__( "escape_#{format}", output )
end

#escape_html(output) ⇒ `Object`

Escape the given output using HTML entity-encoding.

# File 'lib/inversion/mixins.rb', line 164

def escape_html( output )
  return output.to_s.
    gsub( /&/, '&amp;' ).
    gsub( /</, '&lt;' ).
    gsub( />/, '&gt;' )
end

#escape_uri(output) ⇒ `Object`

Escape the given output using the encoding specified in RFC3986 (URIs)

# File 'lib/inversion/mixins.rb', line 173

def escape_uri( output )
  return output.to_s.gsub( URI_ENCODED_CHARACTERS ) do |m|
    bytes = m[ 0 ].each_byte
    bytes.inject( String.new ) do |buf, char|
      buf + sprintf( '%%%0X', char )
    end
  end.force_encoding( Encoding::US_ASCII )
end