如何对字符串进行 HTML 编码/转义?有内置的吗?

2022-01-31 00:00:00 escaping encode ruby-on-rails ruby html

I have an untrusted string that I want to show as text in an HTML page. I need to escape the chars '<' and '&' as HTML entities. The less fuss the better.

I'm using UTF8 and don't need other entities for accented letters.

Is there a built-in function in Ruby or Rails, or should I roll my own?

解决方案

The h helper method:

<%=h "<p> will be preserved" %>

相关文章