diff options
| author | Nick Reed <reednj77@gmail.com> | 2012-12-15 15:27:32 -0600 |
|---|---|---|
| committer | Nick Reed <reednj77@gmail.com> | 2012-12-18 22:39:12 -0600 |
| commit | cf9d9450ec2a183c0007eedd62113f0ed362019c (patch) | |
| tree | 9f4dd2c2a478da2f31e4b2a40e0dcd6fc17b2117 /actionpack/lib/action_view/helpers/url_helper.rb | |
| parent | 88e91570128170b865cfdb3e78f1fefcf791d073 (diff) | |
| download | rails-cf9d9450ec2a183c0007eedd62113f0ed362019c.tar.gz rails-cf9d9450ec2a183c0007eedd62113f0ed362019c.tar.bz2 rails-cf9d9450ec2a183c0007eedd62113f0ed362019c.zip | |
Remove obfuscation support from mail_to helper
Removes support for :encode, :replace_at, and :replace_dot
options from the mail_to helper. Support for these options
has been extracted to the 'actionview-encoded_mail_to' gem.
Diffstat (limited to 'actionpack/lib/action_view/helpers/url_helper.rb')
| -rw-r--r-- | actionpack/lib/action_view/helpers/url_helper.rb | 66 |
1 files changed, 12 insertions, 54 deletions
diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb index fa516cf91b..aeee662071 100644 --- a/actionpack/lib/action_view/helpers/url_helper.rb +++ b/actionpack/lib/action_view/helpers/url_helper.rb @@ -415,40 +415,26 @@ module ActionView # also used as the name of the link unless +name+ is specified. Additional # HTML attributes for the link can be passed in +html_options+. # - # +mail_to+ has several methods for hindering email harvesters and customizing - # the email itself by passing special keys to +html_options+. + # +mail_to+ has several methods for customizing the email itself by + # passing special keys to +html_options+. # # ==== Options - # * <tt>:encode</tt> - This key will accept the strings "javascript" or "hex". - # Passing "javascript" will dynamically create and encode the mailto link then - # eval it into the DOM of the page. This method will not show the link on - # the page if the user has JavaScript disabled. Passing "hex" will hex - # encode the +email_address+ before outputting the mailto link. - # * <tt>:replace_at</tt> - When the link +name+ isn't provided, the - # +email_address+ is used for the link label. You can use this option to - # obfuscate the +email_address+ by substituting the @ sign with the string - # given as the value. - # * <tt>:replace_dot</tt> - When the link +name+ isn't provided, the - # +email_address+ is used for the link label. You can use this option to - # obfuscate the +email_address+ by substituting the . in the email with the - # string given as the value. # * <tt>:subject</tt> - Preset the subject line of the email. # * <tt>:body</tt> - Preset the body of the email. # * <tt>:cc</tt> - Carbon Copy additional recipients on the email. # * <tt>:bcc</tt> - Blind Carbon Copy additional recipients on the email. # + # ==== Obfuscation + # Prior to Rails 4.0, +mail_to+ provided options for encoding the address + # in order to hinder email harvesters. To take advantage of these options, + # install the +actionview-encoded_mail_to+ gem. + # # ==== Examples # mail_to "me@domain.com" # # => <a href="mailto:me@domain.com">me@domain.com</a> # - # mail_to "me@domain.com", "My email", encode: "javascript" - # # => <script>eval(decodeURIComponent('%64%6f%63...%27%29%3b'))</script> - # - # mail_to "me@domain.com", "My email", encode: "hex" - # # => <a href="mailto:%6d%65@%64%6f%6d%61%69%6e.%63%6f%6d">My email</a> - # - # mail_to "me@domain.com", nil, replace_at: "_at_", replace_dot: "_dot_", class: "email" - # # => <a href="mailto:me@domain.com" class="email">me_at_domain_dot_com</a> + # mail_to "me@domain.com", "My email" + # # => <a href="mailto:me@domain.com">My email</a> # # mail_to "me@domain.com", "My email", cc: "ccaddress@domain.com", # subject: "This is an example email" @@ -456,43 +442,15 @@ module ActionView def mail_to(email_address, name = nil, html_options = {}) email_address = ERB::Util.html_escape(email_address) - html_options = html_options.stringify_keys - encode = html_options.delete("encode").to_s + html_options.stringify_keys! extras = %w{ cc bcc body subject }.map { |item| option = html_options.delete(item) || next "#{item}=#{Rack::Utils.escape_path(option)}" }.compact extras = extras.empty? ? '' : '?' + ERB::Util.html_escape(extras.join('&')) - - email_address_obfuscated = email_address.to_str - email_address_obfuscated.gsub!(/@/, html_options.delete("replace_at")) if html_options.key?("replace_at") - email_address_obfuscated.gsub!(/\./, html_options.delete("replace_dot")) if html_options.key?("replace_dot") - case encode - when "javascript" - string = '' - html = content_tag("a", name || email_address_obfuscated.html_safe, html_options.merge("href" => "mailto:#{email_address}#{extras}".html_safe)) - html = escape_javascript(html.to_str) - "document.write('#{html}');".each_byte do |c| - string << sprintf("%%%x", c) - end - "<script>eval(decodeURIComponent('#{string}'))</script>".html_safe - when "hex" - email_address_encoded = email_address_obfuscated.unpack('C*').map {|c| - sprintf("&#%d;", c) - }.join - - string = 'mailto:'.unpack('C*').map { |c| - sprintf("&#%d;", c) - }.join + email_address.unpack('C*').map { |c| - char = c.chr - char =~ /\w/ ? sprintf("%%%x", c) : char - }.join - - content_tag "a", name || email_address_encoded.html_safe, html_options.merge("href" => "#{string}#{extras}".html_safe) - else - content_tag "a", name || email_address_obfuscated.html_safe, html_options.merge("href" => "mailto:#{email_address}#{extras}".html_safe) - end + + content_tag "a", name || email_address.html_safe, html_options.merge("href" => "mailto:#{email_address}#{extras}".html_safe) end # True if the current request URI was generated by the given +options+. |