Phoenix.HTML

Conveniences for working with HTML strings and templates.

When used, it imports this module and, in the future, many other modules under the Phoenix.HTML namespace.

HTML Safe

One of the main responsibilities of this module is to provide convenience functions for escaping and marking HTML code as safe.

In order to mark some code as safe, developers should invoke the safe/1 function. User data or data coming from the database should never be marked as safe; it should be kept as regular data or given to html_escape/1 so that its contents are escaped and the end result is considered safe.
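The tagging scheme described above can be modeled in a few lines. This is an added example, not Phoenix.HTML's source: the SafeModel module and its function bodies are assumptions that mirror the documented behaviour of html_escape/1, safe/1 and safe_concat/2 (list input is flattened to a binary here for brevity), and the comment string is constructed sample input.

```elixir
# Hypothetical model of the {:safe, iodata} convention; not Phoenix.HTML's code.
defmodule SafeModel do
  # Already-tagged values pass through untouched, so nothing is escaped twice.
  def html_escape({:safe, _} = tagged), do: tagged
  # Anything untagged is treated as untrusted: escape first, then tag.
  def html_escape(data), do: {:safe, escape(data)}

  # Tagging performs no escaping at all. Only trusted markup belongs here.
  def safe({:safe, _} = tagged), do: tagged
  def safe(value), do: {:safe, value}

  # Each side is escaped unless it already carries the :safe tag.
  def safe_concat(a, b) do
    {:safe, left} = html_escape(a)
    {:safe, right} = html_escape(b)
    {:safe, [left | right]}
  end

  # "&" must be replaced first, or the entities written below get re-escaped.
  defp escape(bin) when is_binary(bin) do
    bin
    |> String.replace("&", "&amp;")
    |> String.replace("<", "&lt;")
    |> String.replace(">", "&gt;")
    |> String.replace("\"", "&quot;")
    |> String.replace("'", "&#39;")
  end

  # Charlists and nested lists are flattened to a binary before escaping.
  defp escape(list) when is_list(list), do: list |> IO.chardata_to_string() |> escape()
end

# Constructed sample input: a comment body submitted by a user.
comment = "<script>alert(1)</script> & more"

# Template markup is tagged with safe/1; the user value is left untagged,
# so safe_concat/2 escapes it on the way into the output.
{:safe, html} =
  SafeModel.safe("<p class=\"comment\">")
  |> SafeModel.safe_concat(comment)
  |> SafeModel.safe_concat(SafeModel.safe("</p>"))

IO.puts(IO.iodata_to_binary(html))

# The mistake the text warns about: tagging user data skips escaping entirely,
# and every later safe_concat/2 or html_escape/1 call will trust the tag.
{:safe, unescaped} = SafeModel.safe(comment)
IO.puts(unescaped)
```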

Summary

html_escape(data)

Escapes the HTML entities in the given string, marking it as safe

safe(value)

Marks the given value as safe, therefore its contents won’t be escaped

safe_concat(data1, data2)

Concatenates data safely

Types

safe :: {:safe, unsafe}

unsafe :: iodata

Functions

html_escape(data)

Specs:

Escapes the HTML entities in the given string, marking it as safe.

iex> Phoenix.HTML.html_escape("<hello>")
{:safe, "&lt;hello&gt;"}

iex> Phoenix.HTML.html_escape('<hello>')
{:safe, ["&lt;", 104, 101, 108, 108, 111, "&gt;"]}

iex> Phoenix.HTML.html_escape({:safe, "<hello>"})
{:safe, "<hello>"}

safe(value)

Specs:

Marks the given value as safe, therefore its contents won’t be escaped.

iex> Phoenix.HTML.safe("<hello>")
{:safe, "<hello>"}

iex> Phoenix.HTML.safe({:safe, "<hello>"})
{:safe, "<hello>"}

safe_concat(data1, data2)

Specs:

Concatenates data safely.

iex> Phoenix.HTML.safe_concat("<hello>", "<world>")
{:safe, ["&lt;hello&gt;"|"&lt;world&gt;"]}

iex> Phoenix.HTML.safe_concat({:safe, "<hello>"}, "<world>")
{:safe, ["<hello>"|"&lt;world&gt;"]}

iex> Phoenix.HTML.safe_concat("<hello>", {:safe, "<world>"})
{:safe, ["&lt;hello&gt;"|"<world>"]}

iex> Phoenix.HTML.safe_concat({:safe, "<hello>"}, {:safe, "<world>"})
{:safe, ["<hello>"|"<world>"]}