lib/roda/plugins/h.rb in roda-2.18.0 vs lib/roda/plugins/h.rb in roda-2.19.0
- old
+ new
@@ -12,13 +12,26 @@
#
# route do |r|
# h('<foo>')
# end
module H
+ # A Hash of entities and their escaped equivalents,
+ # to be escaped by h().
+ ESCAPE_HTML = {
+ "&" => "&".freeze,
+ "<" => "<".freeze,
+ ">" => ">".freeze,
+ "'" => "'".freeze,
+ '"' => """.freeze,
+ }.freeze
+
+ # A Regexp of HTML entities to match for escaping.
+ ESCAPE_HTML_PATTERN = Regexp.union(*ESCAPE_HTML.keys)
+
module InstanceMethods
# HTML escape the input and return the escaped version.
- def h(s)
- ::Rack::Utils.escape_html(s.to_s)
+ def h(string)
+ string.to_s.gsub(ESCAPE_HTML_PATTERN){|c| ESCAPE_HTML[c] }
end
end
end
register_plugin(:h, H)
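Review bot: The comment on `h` (and on `ESCAPE_HTML`) should state which output contexts the escaping covers, since the table handles only `&`, `<`, `>`, `'` and `"`. That is enough for element text and quoted attribute values, but not for unquoted attributes, script/style bodies or URL contexts, so I would add `# Escapes &, <, >, ' and " only; safe for HTML text and quoted attribute values, not for unquoted attributes, script/style bodies or URLs.` above `def h(string)`. The `ESCAPE_HTML` comment calls the keys "entities" although they are the raw characters; `# Maps each character that h() escapes to its HTML entity.` would be more accurate. As rendered here the hash values look identical to their keys and the `'"'` line does not parse, presumably because the page decoded the entities, so it is worth confirming against the released file that the values are the entity forms.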