Module: Spinel::View

Defined in:
lib/fresco/runtime/runtime.rb

Class Method Summary collapse

Class Method Details

.attr(value) ⇒ Object 



797
798
799
800
801
802
803
804
805
806
807
808
 
# File 'lib/fresco/runtime/runtime.rb', line 797

def self.attr(value)
  s = value.to_s
  s = s.gsub("&", "&")
  s = s.gsub('"', """)
  s = s.gsub("'", "'")
  s = s.gsub("<", "&lt;")
  s = s.gsub(">", "&gt;")
  s = s.gsub("\n", "&#10;")
  s = s.gsub("\r", "&#13;")
  s = s.gsub("\t", "&#9;")
  s
end

.css(value) ⇒ Object 



827
828
829
830
831
832
833
834
835
836
 
# File 'lib/fresco/runtime/runtime.rb', line 827

def self.css(value)
  s = value.to_s
  s = s.gsub("\\", "\\\\")
  s = s.gsub('"', "\\\"")
  s = s.gsub("'", "\\'")
  s = s.gsub("<", "\\3c ")
  s = s.gsub(">", "\\3e ")
  s = s.gsub("&", "\\26 ")
  s
end

.h(value) ⇒ Object 



787
788
789
790
791
792
793
794
795
 
# File 'lib/fresco/runtime/runtime.rb', line 787

def self.h(value)
  s = value.to_s
  s = s.gsub("&", "&amp;")
  s = s.gsub("<", "&lt;")
  s = s.gsub(">", "&gt;")
  s = s.gsub('"', "&quot;")
  s = s.gsub("'", "&#39;")
  s
end

.js(value) ⇒ Object

MVP js/css escapers: conservative replacements rather than the codepoint-driven gsub-with-block Herb ships. Good enough to keep ‘</script>` and CSS terminators from breaking out; extend later.



813
814
815
816
817
818
819
820
821
822
823
824
825
 
# File 'lib/fresco/runtime/runtime.rb', line 813

def self.js(value)
  s = value.to_s
  s = s.gsub("\\", "\\\\")
  s = s.gsub("\n", "\\n")
  s = s.gsub("\r", "\\r")
  s = s.gsub("\t", "\\t")
  s = s.gsub("'", "\\'")
  s = s.gsub('"', "\\\"")
  s = s.gsub("<", "\\u003c")
  s = s.gsub(">", "\\u003e")
  s = s.gsub("&", "\\u0026")
  s
end