Methods
- E
- H
- P
- R
- U
Constants
| TABLE_FOR_ESCAPE_HTML__ | = | { "'" => ''', '&' => '&', '"' => '"', '<' => '<', '>' => '>', } |
The set of special characters and their escaped values |
||
Instance Public methods
escape(string) Link
URL-encode a string into application/x-www-form-urlencoded. Space characters (+“ ”+) are encoded with plus signs (+“+”+)
url_encoded_string = CGI.escape("'Stop!' said Fred")
# => "%27Stop%21%27+said+Fred"
escapeElement(string, *elements) Link
Escape only the tags of certain HTML elements in string.
Takes an element or elements or array of elements. Each element is specified by the name of the element, without angle brackets. This matches both the start and the end tag of that element. The attribute list of the open tag will also be escaped (for instance, the double-quotes surrounding attribute values).
print CGI.escapeElement('<BR><A HREF="url"></A>', "A", "IMG")
# "<BR><A HREF="url"></A>"
print CGI.escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"])
# "<BR><A HREF="url"></A>"
Also aliased as: escape_element
escapeHTML(string) Link
Escape special characters in HTML, namely ‘&"<>
CGI.escapeHTML('Usage: foo "bar" <baz>')
# => "Usage: foo "bar" <baz>"
Also aliased as: escape_html, h
# File ruby/lib/cgi/util.rb, line 77 def escapeHTML(string) enc = string.encoding unless enc.ascii_compatible? if enc.dummy? origenc = enc enc = Encoding::Converter.asciicompat_encoding(enc) string = enc ? string.encode(enc) : string.b end table = Hash[TABLE_FOR_ESCAPE_HTML__.map {|pair|pair.map {|s|s.encode(enc)}}] string = string.gsub(/#{"['&\"<>]".encode(enc)}/, table) string.encode!(origenc) if origenc string else string = string.b string.gsub!(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__) string.force_encoding(enc) end end
escapeURIComponent(string) Link
URL-encode a string following RFC 3986 Space characters (+“ ”+) are encoded with (+“%20”+)
url_encoded_string = CGI.escapeURIComponent("'Stop!' said Fred")
# => "%27Stop%21%27%20said%20Fred"
Also aliased as: escape_uri_component
pretty(string, shift = " ") Link
Prettify (indent) an HTML string.
string is the HTML string to indent. shift is the indentation unit to use; it defaults to two spaces.
print CGI.pretty("<HTML><BODY></BODY></HTML>")
# <HTML>
# <BODY>
# </BODY>
# </HTML>
print CGI.pretty("<HTML><BODY></BODY></HTML>", "\t")
# <HTML>
# <BODY>
# </BODY>
# </HTML>
# File ruby/lib/cgi/util.rb, line 246 def pretty(string, shift = " ") lines = string.gsub(/(?!\A)<.*?>/m, "\n\\0").gsub(/<.*?>(?!\n)/m, "\\0\n") end_pos = 0 while end_pos = lines.index(/^<\/(\w+)/, end_pos) element = $1.dup start_pos = lines.rindex(/^\s*<#{element}/i, end_pos) lines[start_pos ... end_pos] = "__" + lines[start_pos ... end_pos].gsub(/\n(?!\z)/, "\n" + shift) + "__" end lines.gsub(/^((?:#{Regexp::quote(shift)})*)__(?=<\/?\w)/, '\1') end
rfc1123_date(time) Link
Format a Time object as a String using the format specified by RFC 1123.
CGI.rfc1123_date(Time.now)
# Sat, 01 Jan 2000 00:00:00 GMT
unescape(string, encoding = @@accept_charset) Link
URL-decode an application/x-www-form-urlencoded string with encoding(optional).
string = CGI.unescape("%27Stop%21%27+said+Fred")
# => "'Stop!' said Fred"
# File ruby/lib/cgi/util.rb, line 27 def unescape(string, encoding = @@accept_charset) str = string.tr('+', ' ') str = str.b str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m| [m.delete('%')].pack('H*') end str.force_encoding(encoding) str.valid_encoding? ? str : str.force_encoding(string.encoding) end
unescapeElement(string, *elements) Link
Undo escaping such as that done by CGI.escapeElement()
print CGI.unescapeElement(
CGI.escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG")
# "<BR><A HREF="url"></A>"
print CGI.unescapeElement(
CGI.escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])
# "<BR><A HREF="url"></A>"
Also aliased as: unescape_element
unescapeHTML(string) Link
Unescape a string that has been HTML-escaped
CGI.unescapeHTML("Usage: foo "bar" <baz>")
# => "Usage: foo \"bar\" <baz>"
Also aliased as: unescape_html
# File ruby/lib/cgi/util.rb, line 107 def unescapeHTML(string) enc = string.encoding unless enc.ascii_compatible? if enc.dummy? origenc = enc enc = Encoding::Converter.asciicompat_encoding(enc) string = enc ? string.encode(enc) : string.b end string = string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do case $1.encode(Encoding::US_ASCII) when 'apos' then "'".encode(enc) when 'amp' then '&'.encode(enc) when 'quot' then '"'.encode(enc) when 'gt' then '>'.encode(enc) when 'lt' then '<'.encode(enc) when /\A#0*(\d+)\z/ then $1.to_i.chr(enc) when /\A#x([0-9a-f]+)\z/i then $1.hex.chr(enc) end end string.encode!(origenc) if origenc return string end return string unless string.include? '&' charlimit = case enc when Encoding::UTF_8; 0x10ffff when Encoding::ISO_8859_1; 256 else 128 end string = string.b string.gsub!(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do match = $1.dup case match when 'apos' then "'" when 'amp' then '&' when 'quot' then '"' when 'gt' then '>' when 'lt' then '<' when /\A#0*(\d+)\z/ n = $1.to_i if n < charlimit n.chr(enc) else "&##{$1};" end when /\A#x([0-9a-f]+)\z/i n = $1.hex if n < charlimit n.chr(enc) else "&#x#{$1};" end else "&#{match};" end end string.force_encoding enc end
unescapeURIComponent(string, encoding = @@accept_charset) Link
URL-decode a string following RFC 3986 with encoding(optional).
string = CGI.unescapeURIComponent("%27Stop%21%27+said%20Fred")
# => "'Stop!'+said Fred"
Also aliased as: unescape_uri_component
# File ruby/lib/cgi/util.rb, line 54 def unescapeURIComponent(string, encoding = @@accept_charset) str = string.b str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m| [m.delete('%')].pack('H*') end str.force_encoding(encoding) str.valid_encoding? ? str : str.force_encoding(string.encoding) end
unescape_element(string, *elements) Link
Synonym for CGI.unescapeElement(str)
Alias for: unescapeElement