diff options
| author | Xavier Noria <fxn@hashref.com> | 2010-06-29 19:55:57 +0200 |
|---|---|---|
| committer | Xavier Noria <fxn@hashref.com> | 2010-06-30 00:23:13 +0200 |
| commit | cba1460a2fe2bbe1153620582a66e03cec9ba7a5 (patch) | |
| tree | 5127a168612f8c18ab8edd1e30e669aea0f1cea7 /actionpack/lib/action_view/helpers/form_tag_helper.rb | |
| parent | 0253bf425ea6fc112d8eecc6e7ea94e349cb538d (diff) | |
| download | rails-cba1460a2fe2bbe1153620582a66e03cec9ba7a5.tar.gz rails-cba1460a2fe2bbe1153620582a66e03cec9ba7a5.tar.bz2 rails-cba1460a2fe2bbe1153620582a66e03cec9ba7a5.zip | |
url_for no longer escapes HTML, the :escape option is also gone
Rationale: url_for is just a path/URL generator, it is the responsability of the caller to escape conveniently HTML needs it, JavaScript needs different escaping, a text mail needs no escaping at all, etc.
Diffstat (limited to 'actionpack/lib/action_view/helpers/form_tag_helper.rb')
| -rw-r--r-- | actionpack/lib/action_view/helpers/form_tag_helper.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/actionpack/lib/action_view/helpers/form_tag_helper.rb b/actionpack/lib/action_view/helpers/form_tag_helper.rb index efa1446d96..7fea5eb055 100644 --- a/actionpack/lib/action_view/helpers/form_tag_helper.rb +++ b/actionpack/lib/action_view/helpers/form_tag_helper.rb @@ -529,6 +529,8 @@ module ActionView def html_options_for_form(url_for_options, options, *parameters_for_url) returning options.stringify_keys do |html_options| html_options["enctype"] = "multipart/form-data" if html_options.delete("multipart") + # The following URL is unescaped, this is just a hash of options, and it is the + # responsability of the caller to escape all the values. html_options["action"] = url_for(url_for_options, *parameters_for_url) html_options["accept-charset"] = "UTF-8" html_options["data-remote"] = true if html_options.delete("remote") |