How do I html_escape text data in a sinatra app?

问题

I have a small Sinatra app which generates html fragments for me from an ERB template.

How do I html_escape the output?

The <%=h somestring %> helper does not exist in Sinatra.

回答1:

Rack::Utils includes a HTML escape method. http://www.sinatrarb.com/faq.html#escape_html

回答2:

require 'CGI'

get '/html' do
  erb :view
end

def h(html)
  CGI.escapeHTML html
end

__END__
@@view
  <% File.open('my.html') do |f| %>
   <%=h f.read() %>
  <% end %>

来源：https://stackoverflow.com/questions/2123586/how-do-i-html-escape-text-data-in-a-sinatra-app

标签

ruby

sinatra

xss

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!