# frozen_string_literal: true
require "action_view/helpers/tag_helper"
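module ActionView
  module Helpers #:nodoc:
    module JavaScriptHelper
      # Lookup table used by +escape_javascript+: every sequence its pattern
      # can match must have an entry here, because a missing key would make
      # the gsub block return nil and silently drop the matched text.
      JS_ESCAPE_MAP = {
        '\\'   => '\\\\',
        "</"   => '<\/',
        "\r\n" => '\n',
        "\n"   => '\n',
        "\r"   => '\n',
        '"'    => '\\"',
        "'"    => "\\'",
        # Backtick and dollar sign delimit and interpolate template literals,
        # so they are escaped as well as the two quote characters.
        "`"    => "\\`",
        "$"    => "\\$"
      }

      # U+2028 (line separator) and U+2029 (paragraph separator) are replaced
      # with HTML numeric character references instead of being emitted raw.
      JS_ESCAPE_MAP[(+"\342\200\250").force_encoding(Encoding::UTF_8).encode!] = "&#x2028;"
      JS_ESCAPE_MAP[(+"\342\200\251").force_encoding(Encoding::UTF_8).encode!] = "&#x2029;"

      # Escapes backslashes, line breaks, <tt></</tt>, single and double quotes,
      # backticks, dollar signs and the U+2028/U+2029 separators for JavaScript
      # segments.
      #
      # The result is meant to be placed *inside* a quoted JavaScript string
      # (or a template literal). It does not make a value safe to emit as bare
      # JavaScript outside of a string delimiter.
      #
      # +javascript+ is converted with +to_s+ first, so +nil+ yields an empty
      # string. The result is marked +html_safe+ only when the input already
      # was; escaping here does not by itself vouch for HTML safety.
      #
      # Also available through the alias j(). This is particularly helpful in JavaScript
      # responses, like:
      #
      #   $('some_element').replaceWith('<%= j render 'some/element_template' %>');
      def escape_javascript(javascript)
        javascript = javascript.to_s
        if javascript.empty?
          result = ""
        else
          # Alternation order matters: "\r\n" is listed before the single
          # "\r" / "\n" so a CRLF pair becomes one '\n', not two.
          result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u) { |match| JS_ESCAPE_MAP[match] }
        end
        javascript.html_safe? ? result.html_safe : result
      end

      alias_method :j, :escape_javascript

      # Returns a JavaScript tag with the +content+ inside. Example:
      #   javascript_tag "alert('All is good')"
      #
      # Returns:
      #   <script>
      #   //<![CDATA[
      #   alert('All is good')
      #   //]]>
      #   </script>
      #
      # +html_options+ may be a hash of attributes for the <tt>\<script></tt>
      # tag.
      #
      #   javascript_tag "alert('All is good')", defer: 'defer'
      #
      # Returns:
      #   <script defer="defer">
      #   //<![CDATA[
      #   alert('All is good')
      #   //]]>
      #   </script>
      #
      # Instead of passing the content as an argument, you can also use a block
      # in which case, you pass your +html_options+ as the first parameter.
      #
      #   <%= javascript_tag defer: 'defer' do -%>
      #     alert('All is good')
      #   <% end -%>
      #
      # If you have a content security policy enabled then you can add an automatic
      # nonce value by passing <tt>nonce: true</tt> as part of +html_options+. Example:
      #
      #   <%= javascript_tag nonce: true do -%>
      #     alert('All is good')
      #   <% end -%>
      #
      # +content+ is not escaped by this helper: it is wrapped by
      # +javascript_cdata_section+ and emitted as script source, so any
      # untrusted value interpolated into it has to be escaped by the caller
      # (for instance with +escape_javascript+ inside a quoted string).
      def javascript_tag(content_or_options_with_block = nil, html_options = {}, &block)
        content =
          if block_given?
            # With a block, a Hash in the first position is the options hash.
            html_options = content_or_options_with_block if content_or_options_with_block.is_a?(Hash)
            capture(&block)
          else
            content_or_options_with_block
          end

        if html_options[:nonce] == true
          # Build a new hash rather than writing the generated nonce into the
          # caller's hash: a shared options hash would otherwise keep the first
          # nonce for later calls, and a frozen one would raise.
          html_options = html_options.merge(nonce: content_security_policy_nonce)
        end

        content_tag("script", javascript_cdata_section(content), html_options)
      end

      # Wraps +content+ in a CDATA section whose markers are hidden behind
      # JavaScript line comments, and marks the whole string +html_safe+.
      # +content+ itself is passed through unescaped apart from whatever
      # +cdata_section+ does to it.
      def javascript_cdata_section(content) #:nodoc:
        "\n//#{cdata_section("\n#{content}\n//")}\n".html_safe
      end
    end
  end
end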