/usr/lib/ruby/vendor_ruby/active_support/core_ext/string/output_safety.rb is in ruby-activesupport-2.3 2.3.14-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 | require 'erb'
class ERB
module Util
HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"' }
JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' }
# A utility method for escaping HTML tag characters.
# This method is also aliased as <tt>h</tt>.
#
# In your ERb templates, use this method to escape any unsafe content. For example:
# <%=h @person.name %>
#
# ==== Example:
# puts html_escape("is a > 0 & a < 10?")
# # => is a > 0 & a < 10?
def html_escape(s)
s = s.to_s
if s.html_safe?
s
else
s.to_s.gsub(/&/, "&").gsub(/\"/, """).gsub(/>/, ">").gsub(/</, "<").html_safe
end
end
undef :h
alias h html_escape
module_function :html_escape
module_function :h
# A utility method for escaping HTML entities in JSON strings.
# This method is also aliased as <tt>j</tt>.
#
# In your ERb templates, use this method to escape any HTML entities:
# <%=j @person.to_json %>
#
# ==== Example:
# puts json_escape("is a > 0 & a < 10?")
# # => is a \u003E 0 \u0026 a \u003C 10?
def json_escape(s)
s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
end
alias j json_escape
module_function :j
module_function :json_escape
end
end
class Object
def html_safe?
false
end
end
class Fixnum
def html_safe?
true
end
end
module ActiveSupport #:nodoc:
class SafeBuffer < String
def +(other)
dup.concat(other)
end
def html_safe?
true
end
def html_safe
self
end
def to_s
self
end
def to_yaml(*args)
to_str.to_yaml(*args)
end
end
end
class String
alias safe_concat concat
def as_str
self
end
def html_safe
ActiveSupport::SafeBuffer.new(self)
end
def html_safe?
false
end
end
|