模組 CGI::Util

常數

TABLE_FOR_ESCAPE_HTML__

特殊字元及其轉義值的集合

公開實例方法

escape(字串) 按一下以切換來源

將字串 URL 編碼成 application/x-www-form-urlencoded。空白字元 (+“ ”+) 會編碼成加號 (+“+”+)

url_encoded_string = CGI.escape("'Stop!' said Fred")
   # => "%27Stop%21%27+said+Fred"
# File lib/cgi/util.rb, line 14
def escape(string)
  encoding = string.encoding
  buffer = string.b
  buffer.gsub!(/([^ a-zA-Z0-9_.\-~]+)/) do |m|
    '%' + m.unpack('H2' * m.bytesize).join('%').upcase
  end
  buffer.tr!(' ', '+')
  buffer.force_encoding(encoding)
end
escapeElement(字串, *元素) 按一下以切換來源

Escape 字串中特定 HTML 元素的標籤。

採用元素、元素或元素陣列。每個元素都由元素名稱指定,不含尖括號。這會比對該元素的開始標籤和結束標籤。開啟標籤的屬性清單也會被轉義(例如,屬性值周圍的雙引號)。

print CGI.escapeElement('<BR><A HREF="url"></A>', "A", "IMG")
  # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"

print CGI.escapeElement('<BR><A HREF="url"></A>', ["A", "IMG"])
  # "<BR>&lt;A HREF=&quot;url&quot;&gt;&lt;/A&gt"
# File lib/cgi/util.rb, line 184
def escapeElement(string, *elements)
  elements = elements[0] if elements[0].kind_of?(Array)
  unless elements.empty?
    string.gsub(/<\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?>/i) do
      CGI.escapeHTML($&)
    end
  else
    string
  end
end
別名為:escape_element
escapeHTML(字串) 按一下以切換來源

Escape HTML 中的特殊字元,即 ‘&"<>

CGI.escapeHTML('Usage: foo "bar" <baz>')
   # => "Usage: foo &quot;bar&quot; &lt;baz&gt;"
# File lib/cgi/util.rb, line 77
def escapeHTML(string)
  enc = string.encoding
  unless enc.ascii_compatible?
    if enc.dummy?
      origenc = enc
      enc = Encoding::Converter.asciicompat_encoding(enc)
      string = enc ? string.encode(enc) : string.b
    end
    table = Hash[TABLE_FOR_ESCAPE_HTML__.map {|pair|pair.map {|s|s.encode(enc)}}]
    string = string.gsub(/#{"['&\"<>]".encode(enc)}/, table)
    string.encode!(origenc) if origenc
    string
  else
    string = string.b
    string.gsub!(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
    string.force_encoding(enc)
  end
end
別名為:escape_html, h
escapeURIComponent(字串) 按一下以切換來源

根據 RFC 3986 URL 編碼字串。空白字元 (+“ ”+) 會編碼成 (+“%20”+)

url_encoded_string = CGI.escapeURIComponent("'Stop!' said Fred")
   # => "%27Stop%21%27%20said%20Fred"
# File lib/cgi/util.rb, line 41
def escapeURIComponent(string)
  encoding = string.encoding
  buffer = string.b
  buffer.gsub!(/([^a-zA-Z0-9_.\-~]+)/) do |m|
    '%' + m.unpack('H2' * m.bytesize).join('%').upcase
  end
  buffer.force_encoding(encoding)
end
別名為:escape_uri_component
escape_element(字串, *元素)

CGI.escapeElement(str) 的同義詞

別名為:escapeElement
escape_html(字串)

CGI.escapeHTML(str) 的同義詞

別名為:escapeHTML
escape_uri_component(字串)
h(字串)
別名為:escapeHTML
pretty(字串, shift = " ") 按一下切換來源

美化(縮排)HTML 字串。

字串是要縮排的 HTML 字串。shift是用於縮排的單位;預設為兩個空格。

print CGI.pretty("<HTML><BODY></BODY></HTML>")
  # <HTML>
  #   <BODY>
  #   </BODY>
  # </HTML>

print CGI.pretty("<HTML><BODY></BODY></HTML>", "\t")
  # <HTML>
  #         <BODY>
  #         </BODY>
  # </HTML>
# File lib/cgi/util.rb, line 246
def pretty(string, shift = "  ")
  lines = string.gsub(/(?!\A)<.*?>/m, "\n\\0").gsub(/<.*?>(?!\n)/m, "\\0\n")
  end_pos = 0
  while end_pos = lines.index(/^<\/(\w+)/, end_pos)
    element = $1.dup
    start_pos = lines.rindex(/^\s*<#{element}/i, end_pos)
    lines[start_pos ... end_pos] = "__" + lines[start_pos ... end_pos].gsub(/\n(?!\z)/, "\n" + shift) + "__"
  end
  lines.gsub(/^((?:#{Regexp::quote(shift)})*)__(?=<\/?\w)/, '\1')
end
rfc1123_date(時間) 按一下切換來源

使用 RFC 1123 指定的格式,將時間物件格式化為字串

CGI.rfc1123_date(Time.now)
  # Sat, 01 Jan 2000 00:00:00 GMT
# File lib/cgi/util.rb, line 225
def rfc1123_date(time)
  time.getgm.strftime("%a, %d %b %Y %T GMT")
end
unescape(字串, 編碼 = @@accept_charset) 按一下切換來源

使用編碼(選用)URL 解碼 application/x-www-form-urlencoded 字串。

string = CGI.unescape("%27Stop%21%27+said+Fred")
   # => "'Stop!' said Fred"
# File lib/cgi/util.rb, line 27
def unescape(string, encoding = @@accept_charset)
  str = string.tr('+', ' ')
  str = str.b
  str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
    [m.delete('%')].pack('H*')
  end
  str.force_encoding(encoding)
  str.valid_encoding? ? str : str.force_encoding(string.encoding)
end
unescapeElement(字串, *元素) 按一下切換來源

取消轉譯,例如由CGI.escapeElement()所做的轉譯

print CGI.unescapeElement(
        CGI.escapeHTML('<BR><A HREF="url"></A>'), "A", "IMG")
  # "&lt;BR&gt;<A HREF="url"></A>"

print CGI.unescapeElement(
        CGI.escapeHTML('<BR><A HREF="url"></A>'), ["A", "IMG"])
  # "&lt;BR&gt;<A HREF="url"></A>"
# File lib/cgi/util.rb, line 204
def unescapeElement(string, *elements)
  elements = elements[0] if elements[0].kind_of?(Array)
  unless elements.empty?
    string.gsub(/&lt;\/?(?:#{elements.join("|")})(?!\w)(?:.|\n)*?&gt;/i) do
      unescapeHTML($&)
    end
  else
    string
  end
end
別名:unescape_element
unescapeHTML(字串) 按一下切換來源

取消轉譯已進行 HTML 轉譯的字串

CGI.unescapeHTML("Usage: foo &quot;bar&quot; &lt;baz&gt;")
   # => "Usage: foo \"bar\" <baz>"
# File lib/cgi/util.rb, line 107
def unescapeHTML(string)
  enc = string.encoding
  unless enc.ascii_compatible?
    if enc.dummy?
      origenc = enc
      enc = Encoding::Converter.asciicompat_encoding(enc)
      string = enc ? string.encode(enc) : string.b
    end
    string = string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do
      case $1.encode(Encoding::US_ASCII)
      when 'apos'                then "'".encode(enc)
      when 'amp'                 then '&'.encode(enc)
      when 'quot'                then '"'.encode(enc)
      when 'gt'                  then '>'.encode(enc)
      when 'lt'                  then '<'.encode(enc)
      when /\A#0*(\d+)\z/        then $1.to_i.chr(enc)
      when /\A#x([0-9a-f]+)\z/i  then $1.hex.chr(enc)
      end
    end
    string.encode!(origenc) if origenc
    return string
  end
  return string unless string.include? '&'
  charlimit = case enc
              when Encoding::UTF_8; 0x10ffff
              when Encoding::ISO_8859_1; 256
              else 128
              end
  string = string.b
  string.gsub!(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#[xX][0-9A-Fa-f]+);/) do
    match = $1.dup
    case match
    when 'apos'                then "'"
    when 'amp'                 then '&'
    when 'quot'                then '"'
    when 'gt'                  then '>'
    when 'lt'                  then '<'
    when /\A#0*(\d+)\z/
      n = $1.to_i
      if n < charlimit
        n.chr(enc)
      else
        "&##{$1};"
      end
    when /\A#x([0-9a-f]+)\z/i
      n = $1.hex
      if n < charlimit
        n.chr(enc)
      else
        "&#x#{$1};"
      end
    else
      "&#{match};"
    end
  end
  string.force_encoding enc
end
別名:unescape_html
unescapeURIComponent(字串, 編碼 = @@accept_charset) 按一下切換來源

使用編碼(選用)按照 RFC 3986 URL 解碼字串。

string = CGI.unescapeURIComponent("%27Stop%21%27+said%20Fred")
   # => "'Stop!'+said Fred"
# File lib/cgi/util.rb, line 54
def unescapeURIComponent(string, encoding = @@accept_charset)
  str = string.b
  str.gsub!(/((?:%[0-9a-fA-F]{2})+)/) do |m|
    [m.delete('%')].pack('H*')
  end
  str.force_encoding(encoding)
  str.valid_encoding? ? str : str.force_encoding(string.encoding)
end
unescape_element(字串, *元素)
別名:unescapeElement
unescape_html(字串)

CGI.unescapeHTML(str)的同義詞

別名:unescapeHTML
unescape_uri_component(字串, 編碼 = @@accept_charset)