Being as though we’re all html escaping everything these days, why not make it faster?

At the moment escape_utils supports escaping and unescaping of HTML, and Javascript but I wanna add URL encoding soon

It has monkey-patches for Rack::Utils, CGI, ERB::Util and Haml and ActionView so you can drop this in and have your app start escaping fast as balls in no time

gem install escape_utils

html = `curl -s http://maps.google.com`
escaped_html = EscapeUtils.escape_html(html)

html = `curl -s http://maps.google.com`
escaped_html = EscapeUtils.escape_html(html)
html = EscapeUtils.unescape_html(escaped_html)

require 'escape_utils/html/rack' # to patch Rack::Utils
require 'escape_utils/html/erb' # to patch ERB::Util
require 'escape_utils/html/cgi' # to patch CGI
require 'escape_utils/html/haml' # to patch Haml::Helpers

javascript = `curl -s http://code.jquery.com/jquery-1.4.2.js`
escaped_javascript = EscapeUtils.escape_javascript(javascript)

require 'escape_utils/javascript/action_view' # to patch ActionView::Helpers::JavaScriptHelper

In my testing, escaping html is around 10-20x faster than the pure ruby implementations in wide use today. While unescaping html is around 20-40x faster than CGI.unescapeHTML - also pure ruby. Escaping Javascript is around 16-30x faster.

This output is from my laptop using the benchmark scripts in the benchmarks folder.

Rack::Utils.escape_html
 0.560000   0.040000   0.600000 (  0.589475)
ERB::Util.html_escape
 0.450000   0.040000   0.490000 (  0.492893)
CGI.escapeHTML
 0.460000   0.030000   0.490000 (  0.490171)
Haml::Helpers.html_escape
 0.430000   0.010000   0.440000 (  0.444694)
EscapeUtils.escape_html
 0.050000   0.010000   0.060000 (  0.054799)

CGI.unescapeHTML
 1.140000   0.010000   1.150000 (  1.148470)
EscapeUtils.unescape_html
 0.040000   0.000000   0.040000 (  0.046166)

ActionView::Helpers::JavaScriptHelper#escape_javascript
 2.000000   0.020000   2.020000 (  2.023047)
EscapeUtils.escape_javascript
 0.110000   0.010000   0.120000 (  0.121761)