Friday, December 19, 2008

escapeHTML with method_missing

Prefix an attribute or method name with safe_ to get its value back HTML-escaped.

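# Provides dynamic safe_<name> readers that return HTML-escaped values.
#
# A call such as record.safe_title resolves <name> first against the
# attributes hash and then against the object's public methods. A value that
# is exactly a String is passed through CGI.escapeHTML; every other value
# (nil, numbers, and also arrays or hashes that contain strings) is returned
# unchanged, so callers must still escape nested strings themselves.
# CGI.escapeHTML covers HTML text and quoted attribute values only; it is not
# sufficient for URL, JavaScript or CSS contexts.
#
# @param method_id [Symbol] name of the missing method
# @param arguments [Array] forwarded to the wrapped method; unused for attributes
# @param block [Proc, nil] forwarded to the wrapped method
# @return [Object] the escaped String, or the raw value when it is not a String
# @raise [NoMethodError] through super when the name is not a known safe_* reader
def method_missing(method_id, *arguments, &block)
  # \A and \z anchor the whole method name; ^ and $ anchor per line, so a
  # name containing a newline could still match.
  name = method_id.to_s[/\Asafe_([_a-zA-Z]\w*)\z/, 1]
  return super unless name

  if self.attributes.include?(name)
    value = self.attributes[name]
  elsif respond_to?(name)
    # Object#methods returns Symbols on Ruby 1.9+, so the former String
    # lookup methods.include?(name) never matched there. respond_to? paired
    # with public_send also keeps the safe_ prefix from reaching non-public
    # methods.
    value = public_send(name, *arguments, &block)
  else
    return super
  end

  value.instance_of?(String) ? CGI.escapeHTML(value) : value
end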
