How do I html_escape text data in a sinatra app?

2019-02-22 00:27发布

I have a small Sinatra app which generates html fragments for me from an ERB template.

How do I html_escape the output?

The <%=h somestring %> helper does not exist in Sinatra.

标签： ruby sinatra xss

2条回答

太酷不给撩

2楼-- · 2019-02-22 01:08

Rack::Utils includes a HTML escape method. http://www.sinatrarb.com/faq.html#escape_html

0人赞添加讨论(0) 举报

地球回转人心会变

3楼-- · 2019-02-22 01:14

require 'CGI'

get '/html' do
  erb :view
end

def h(html)
  CGI.escapeHTML html
end

__END__
@@view
  <% File.open('my.html') do |f| %>
   <%=h f.read() %>
  <% end %>

0人赞添加讨论(0) 举报

How do I html_escape text data in a sinatra app?

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间