Methods
Constants
JS_ESCAPE_MAP
=
{
"\\" => "\\\\",
"</" => '<\/',
"\r\n" => '\n',
"\n" => '\n',
"\r" => '\n',
'"' => '\\"',
"'" => "\\'",
"`" => "\\`",
"$" => "\\$"
}
Instance Public methods
escape_javascript(javascript) Link
Escapes carriage returns and single and double quotes for JavaScript segments.
Also available through the alias j(). This is particularly helpful in JavaScript responses, like:
$('some_element').replaceWith('<%= j render 'some/element_template' %>');
Also aliased as: j
Source: | on GitHub
# File actionview/lib/action_view/helpers/javascript_helper.rb, line 30 def escape_javascript(javascript) javascript = javascript.to_s if javascript.empty? result = "" else result = javascript.gsub(/(\\|<\/|\r\n|342円200円250円|342円200円251円|[\n\r"']|[`]|[$])/u, JS_ESCAPE_MAP) end javascript.html_safe? ? result.html_safe : result end
j(javascript) Link
Alias for: escape_javascript
javascript_tag(content_or_options_with_block = nil, html_options = {}, &block) Link
Returns a JavaScript tag with the content inside. Example:
javascript_tag "alert('All is good')"
Returns:
<script>
//<![CDATA[
alert('All is good')
//]]>
</script>
html_options may be a hash of attributes for the <script> tag.
javascript_tag "alert('All is good')", type: 'application/javascript'
Returns:
<script type="application/javascript">
//<![CDATA[
alert('All is good')
//]]>
</script>
Instead of passing the content as an argument, you can also use a block in which case, you pass your html_options as the first parameter.
<%= javascript_tag type: 'application/javascript' do -%>
alert('All is good')
<% end -%>
If you have a content security policy enabled then you can add an automatic nonce value by passing nonce: true as part of html_options. Example:
<%= javascript_tag nonce: true do -%>
alert('All is good')
<% end -%>
Source: | on GitHub
# File actionview/lib/action_view/helpers/javascript_helper.rb, line 77 def javascript_tag(content_or_options_with_block = nil, html_options = {}, &block) content = if block_given? html_options = content_or_options_with_block if content_or_options_with_block.is_a?(Hash) capture(&block) else content_or_options_with_block end if html_options[:nonce] == true || (!html_options.key?(:nonce) && auto_include_nonce) html_options[:nonce] = content_security_policy_nonce elsif html_options[:nonce] == false html_options.delete(:nonce) end content_tag("script", javascript_cdata_section(content), html_options) end