Phoenix v0.10.0 → Overview → Phoenix → HTML

Phoenix.HTML

Summary
Types
Functions
Macros

Helpers for working HTML strings and templates.

When used, it brings the given functionality:

use Phoenix.HTML.Controller - imports controllers functions commonly used in views;
import Phoenix.HTML- imports functions for handle HTML safety;
import Phoenix.HTML.Tag - imports functions for generating HTML tags;
import Phoenix.HTML.Form - imports functions for working with forms;
import Phoenix.HTML.Link - imports functions for generating links and urls;

HTML Safe

One of the main responsibilities of this module is to provide convenience functions for escaping and marking HTML code as safe.

By default, data output in templates is not considered safe:

<%= "<hello>" %>

will be shown as:

<hello>

User data or data coming from the database is almost never considered safe. However, in some cases, you may want to tag it as safe and show its original contents:

<%= safe "<hello>" %>

Keep in mind most helpers will automatically escape your data and return safe content:

<%= tag :p, "<hello>" %>

will properly output:

<p><hello></p>

Source

Summary↑

html_escape(safe)	Escapes the HTML entities in the given term, returning iodata
safe(value)	Marks the given value as safe
safe_concat(list)	Concatenates data in the given list safe
safe_concat(data1, data2)	Concatenates data safely
sigil_E(expr, opts)	Provides `~E` sigil with HTML safe EEx syntax inside source files
sigil_e(expr, opts)	Provides `~e` sigil with HTML safe EEx syntax inside source files

Types ↑

safe :: {:safe, iodata}

Guaranteed to be safe

unsafe :: Phoenix.HTML.Safe.t

May be safe or unsafe (i.e. it needs to be converted)

Functions

html_escape(safe)

(function) # ↑

Specs:

html_escape(unsafe) :: safe

Escapes the HTML entities in the given term, returning iodata.

iex> html_escape("<hello>")
{:safe, "<hello>"}

iex> html_escape('<hello>')
{:safe, ["<", 104, 101, 108, 108, 111, ">"]}

iex> html_escape(1)
{:safe, "1"}

iex> html_escape({:safe, "<hello>"})
{:safe, "<hello>"}

Source

safe(value)

(function) # ↑

Specs:

safe(iodata | safe) :: safe

Marks the given value as safe.

iex> Phoenix.HTML.safe("<hello>")
{:safe, "<hello>"}
iex> Phoenix.HTML.safe({:safe, "<hello>"})
{:safe, "<hello>"}

Source

safe_concat(list)

(function) # ↑

Specs:

safe_concat([iodata | safe]) :: safe

Concatenates data in the given list safe.

iex> safe_concat(["<hello>", "safe", "<world>"])
{:safe, "<hello>safe<world>"}

Source

safe_concat(data1, data2)

(function) # ↑

Specs:

safe_concat(iodata | safe, iodata | safe) :: safe

Concatenates data safely.

iex> safe_concat("<hello>", "<world>")
{:safe, "<hello><world>"}

iex> safe_concat({:safe, "<hello>"}, "<world>")
{:safe, "<hello><world>"}

iex> safe_concat("<hello>", {:safe, "<world>"})
{:safe, "<hello><world>"}

iex> safe_concat({:safe, "<hello>"}, {:safe, "<world>"})
{:safe, "<hello><world>"}

iex> safe_concat({:safe, "<hello>"}, {:safe, '<world>'})
{:safe, ["<hello>"|'<world>']}

Source

Macros

sigil_E(expr, opts)

(macro) # ↑

Provides ~E sigil with HTML safe EEx syntax inside source files.

This sigil does not support interpolation and is should be prefered rather than ~e.

iex> ~E"""
...> Hello <%= "world" %>
...> """
{:safe, [[["" | "Hello "] | "world"] | "\n"]}

Source

sigil_e(expr, opts)

(macro) # ↑

Provides ~e sigil with HTML safe EEx syntax inside source files.

iex> ~e"""
...> Hello <%= "world" %>
...> """
{:safe, [[["" | "Hello "] | "world"] | "\n"]}

Source