Methods
H
J
Constants
HTML_ESCAPE = { '&' => '&amp;', '>' => '&gt;', '<' => '&lt;', '"' => '&quot;', "'" => '&#39;' }
 
JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' }
 
Class Public methods
h(s)
html_escape(s)

A utility method for escaping HTML tag characters. This method is also aliased as h.

In your ERB templates, use this method to escape any unsafe content. For example:

<%=h @person.name %>

Example:

puts html_escape("is a > 0 & a < 10?")
# => is a &gt; 0 &amp; a &lt; 10?
Also aliased as: h
# File activesupport/lib/active_support/core_ext/string/output_safety.rb, line 17
def html_escape(s)
  s = s.to_s
  if s.html_safe?
    s
  else
    s.gsub(/[&"'><]/) { |special| HTML_ESCAPE[special] }.html_safe
  end
end
j(s)
json_escape(s)

A utility method for escaping HTML entities in JSON strings. This method is also aliased as j.

In your ERb templates, use this method to escape any HTML entities:

<%=j @person.to_json %>

Example:

puts json_escape("is a > 0 & a < 10?")
# => is a \u003E 0 \u0026 a \u003C 10?
Also aliased as: j
# File activesupport/lib/active_support/core_ext/string/output_safety.rb, line 41
def json_escape(s)
  s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
end