class Liquid::Autoescape::Tags::Autoescape
A block tag that automatically escapes all variables contained within it
All contained variables will have dangerous HTML characters escaped. Any variables that should be exempt from escaping should have the skip_escape
filter applied to them.
@example Default usage
{% assign untrusted = "<script>window.reload();</script>" %} {% assign trusted = "<strong>Text</strong>" %} {% autoescape %} {{ untrusted }} {{ trusted | skip_escape }} {% endautoescape %}
@example Controlling whether escaping is applied
{% assign value = "&" %} <!-- Renders "&" --> {% autoescape true %}{{ value }}{% endautoescape %} <!-- Renders "&" --> {% autoescape false %}{{ value }}{% endautoescape %}
Constants
- SYNTAX
Public Class Methods
new(tag_name, markup, tokens)
click to toggle source
Calls superclass method
# File lib/liquid/autoescape/tags/autoescape.rb, line 36 def initialize(tag_name, markup, tokens) super if markup =~ SYNTAX @autoescape_flag = $1 elsif !markup.empty? raise SyntaxError, "Syntax Error in 'autoescape' - Valid syntax: {% autoescape [true|false] %}" end end
Public Instance Methods
render(context)
click to toggle source
Calls superclass method
# File lib/liquid/autoescape/tags/autoescape.rb, line 46 def render(context) context.stack do context[ENABLED_FLAG] = @autoescape_flag ? context[@autoescape_flag] : true super end end