I have a small Sinatra app which generates html fragments for me from an ERB template. How do I html_escape the output? The <%=h somestring %> helper does not exist in Sinatra.

How do I html_escape text data in a sinatra app?

2 Answers

Rack::Utils includes a HTML escape method. http://www.sinatrarb.com/faq.html#escape_html

146

answered Sep 25 '22 07:09

fatnic

require 'CGI'

get '/html' do
  erb :view
end

def h(html)
  CGI.escapeHTML html
end

__END__
@@view
  <% File.open('my.html') do |f| %>
   <%=h f.read() %>
  <% end %>

answered Sep 25 '22 07:09

ruvan

Recent Activity
Apple Pay - authorize.net returns error 153 only when live, sandbox works
How to continue cursor loop even error occured in the loop
python find all neighbours of a given node in a list of lists
Fatal error: Call to a member function setColumn() on a non-object in Magento
Count how many of each value from a field with MySQL and PHP
Python 32-bit development on 64-bit Windows [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With

How do I html_escape text data in a sinatra app?

Tags:

ruby

xss

sinatra

marshally

2 Answers

fatnic

ruvan

Recent Activity

Donate For Us

How do I html_escape text data in a sinatra app?

Tags:

ruby

xss

sinatra

marshally

2 Answers

fatnic

ruvan

Related questions

Recent Activity

Donate For Us