Module: CGI::Util
| Relationships & Source Files | |
| Extension / Inclusion / Inheritance Descendants | |
|
Extended In:
| |
|
Included In:
| |
| Defined in: | lib/cgi/core.rb, ext/cgi/escape/escape.c, lib/cgi/util.rb, lib/cgi/util.rb |
Constant Summary
-
RFC822_DAYS =
# File 'lib/cgi/util.rb', line 178
Abbreviated day-of-week names specified by RFC 822
%w[ Sun Mon Tue Wed Thu Fri Sat ] -
RFC822_MONTHS =
# File 'lib/cgi/util.rb', line 181
Abbreviated month names specified by RFC 822
%w[ Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec ] -
TABLE_FOR_ESCAPE_HTML__ =
# File 'lib/cgi/util.rb', line 30
The set of special characters and their escaped values
{ "'" => ''', '&' => '&', '"' => '"', '<' => '<', '>' => '>', }
Instance Method Summary
-
#escape(string)
URL-encode a string.
-
#escape_element(string, *elements)
Alias for #escapeElement.
-
#escape_html(string)
Alias for #escapeHTML.
-
#escapeElement(string, *elements)
(also: #escape_element)
Escape only the tags of certain HTML elements in
string. -
#escapeHTML(string)
(also: #escape_html, #h)
Escape special characters in HTML, namely '&"<>.
-
#h(string)
Alias for #escapeHTML.
-
#pretty(string, shift = " ")
Prettify (indent) an HTML string.
-
#rfc1123_date(time)
Format a
Timeobject as a String using the format specified by RFC 1123. -
#unescape(string, encoding = @@accept_charset)
URL-decode a string with encoding(optional).
-
#unescape_element(string, *elements)
Alias for #unescapeElement.
-
#unescape_html(string)
Alias for #unescapeHTML.
-
#unescapeElement(string, *elements)
(also: #unescape_element)
Undo escaping such as that done by CGI::escapeElement().
-
#unescapeHTML(string)
(also: #unescape_html)
Unescape a string that has been HTML-escaped.
Instance Method Details
#escape(string)
URL-encode a string.
url_encoded_string = CGI::escape("'Stop!' said Fred")
# => "%27Stop%21%27saidFred"# File 'lib/cgi/util.rb', line 12
def escape(string) encoding = string.encoding string.b.gsub(/([^ a-zA-Z0-9_.\-~]+)/) do |m| '%' + m.unpack('H2' * m.bytesize).join('%').upcase end.tr(' ', '+').force_encoding(encoding) end
#escape_element(string, *elements)
Alias for #escapeElement.
# File 'lib/cgi/util.rb', line 172
alias escape_element escapeElement
#escape_html(string)
Alias for #escapeHTML.
# File 'lib/cgi/util.rb', line 122
alias escape_html escapeHTML
#escapeElement(string, *elements) Also known as: #escape_element
Escape only the tags of certain HTML elements in string.
Takes an element or elements or array of elements. Each element is specified by the name of the element, without angle brackets. This matches both the start and the end tag of that element. The attribute list of the open tag will also be escaped (for instance, the double-quotes surrounding attribute values).
print CGI::escapeElement('<BR><A HREF="url"></A>', "A", "IMG")
# "<BR><A HREF="url"></A>"
print CGI::escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"])
# "<BR><A HREF="url"></A>"# File 'lib/cgi/util.rb', line 140
def escapeElement(string, *elements) elements = elements[0] if elements[0].kind_of?(Array) unless elements.empty? string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do CGI::escapeHTML($&) end else string end end
#escapeHTML(string) Also known as: #escape_html, #h
# File 'lib/cgi/util.rb', line 41
def escapeHTML(string) enc = string.encoding unless enc.ascii_compatible? if enc.dummy? origenc = enc enc = Encoding::Converter.asciicompat_encoding(enc) string = enc ? string.encode(enc) : string.b end table = Hash[TABLE_FOR_ESCAPE_HTML__.map {|pair|pair.map {|s|s.encode(enc)}}] string = string.gsub(/#{"['&\"<>]".encode(enc)}/, table) string.encode!(origenc) if origenc return string end string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__) end
#h(string)
Alias for #escapeHTML.
# File 'lib/cgi/util.rb', line 222
alias h escapeHTML
#pretty(string, shift = " ")
Prettify (indent) an HTML string.
string is the HTML string to indent. shift is the indentation unit to use; it defaults to two spaces.
print CGI::pretty("<HTML><BODY></BODY></HTML>")
# <HTML>
# <BODY>
# </BODY>
# </HTML>
print CGI::pretty("<HTML><BODY></BODY></HTML>", "\t")
# <HTML>
# <BODY>
# </BODY>
# </HTML># File 'lib/cgi/util.rb', line 211
def pretty(string, shift = " ") lines = string.gsub(/(?!\A)<.*?>/m, "\n\\0").gsub(/<.*?>(?!\n)/m, "\\0\n") end_pos = 0 while end_pos = lines.index(/^<\/(\w+)/, end_pos) element = $1.dup start_pos = lines.rindex(/^\s*<#{element}/i, end_pos) lines[start_pos ... end_pos] = "__" + lines[start_pos ... end_pos].gsub(/\n(?!\z)/, "\n" + shift) + "__" end lines.gsub(/^((?:#{Regexp::quote(shift)})*)__(?=<\/?\w)/, '\1') end
#rfc1123_date(time)
Format a Time object as a String using the format specified by RFC 1123.
CGI::rfc1123_date(Time.now)
# Sat, 01 Jan 2000 00:00:00 GMT# File 'lib/cgi/util.rb', line 187
def rfc1123_date(time) t = time.clone.gmtime return format("%s, %.2d %s %.4d %.2d:%.2d:%.2d GMT", RFC822_DAYS[t.wday], t.day, RFC822_MONTHS[t.month-1], t.year, t.hour, t.min, t.sec) end
#unescape(string, encoding = @@accept_charset)
URL-decode a string with encoding(optional).
string = CGI::unescape("%27Stop%21%27saidFred")
# => "'Stop!' said Fred"# File 'lib/cgi/util.rb', line 22
def unescape(string,encoding=@@accept_charset) str=string.tr('+', ' ').b.gsub(/((?:%[0-9a-fA-F]{2})+)/) do |m| [m.delete('%')].pack('H*') end.force_encoding(encoding) str.valid_encoding? ? str : str.force_encoding(string.encoding) end
#unescape_element(string, *elements)
Alias for #unescapeElement.
# File 'lib/cgi/util.rb', line 175
alias unescape_element unescapeElement
#unescape_html(string)
Alias for #unescapeHTML.
# File 'lib/cgi/util.rb', line 125
alias unescape_html unescapeHTML
#unescapeElement(string, *elements) Also known as: #unescape_element
Undo escaping such as that done by CGI::escapeElement()
print CGI::unescapeElement(
CGI::escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG")
# "<BR><A HREF="url"></A>"
print CGI::unescapeElement(
CGI::escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])
# "<BR><A HREF="url"></A>"# File 'lib/cgi/util.rb', line 160
def unescapeElement(string, *elements) elements = elements[0] if elements[0].kind_of?(Array) unless elements.empty? string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do unescapeHTML($&) end else string end end
#unescapeHTML(string) Also known as: #unescape_html
Unescape a string that has been HTML-escaped
CGI::unescapeHTML("Usage: foo "bar" <baz>")
# => "Usage: foo \"bar\" <baz>"# File 'lib/cgi/util.rb', line 65
def unescapeHTML(string) enc = string.encoding unless enc.ascii_compatible? if enc.dummy? origenc = enc enc = Encoding::Converter.asciicompat_encoding(enc) string = enc ? string.encode(enc) : string.b end string = string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]|#x[0-9A-Fa-f]);'.encode(enc))) do case $1.encode(Encoding::US_ASCII) when 'apos' then "'".encode(enc) when 'amp' then '&'.encode(enc) when 'quot' then '"'.encode(enc) when 'gt' then '>'.encode(enc) when 'lt' then '<'.encode(enc) when /\A#0*(\d+)\z/ then $1.to_i.chr(enc) when /\A#x([0-9a-f]+)\z/i then $1.hex.chr(enc) end end string.encode!(origenc) if origenc return string end return string unless string.include? '&' charlimit = case enc when Encoding::UTF_8; 0x10ffff when Encoding::ISO_8859_1; 256 else 128 end string.gsub(/&(apos|amp|quot|gt|lt|\#[0-9]|\#[xX][0-9A-Fa-f]);/) do match = $1.dup case match when 'apos' then "'" when 'amp' then '&' when 'quot' then '"' when 'gt' then '>' when 'lt' then '<' when /\A#0*(\d+)\z/ n = $1.to_i if n < charlimit n.chr(enc) else "&##{$1};" end when /\A#x([0-9a-f]+)\z/i n = $1.hex if n < charlimit n.chr(enc) else "&#x#{$1};" end else "&#{match};" end end end