diff options
| author | Josh Kalderimis <josh.kalderimis@gmail.com> | 2011-02-10 16:45:39 +0100 |
|---|---|---|
| committer | José Valim <jose.valim@gmail.com> | 2011-02-10 16:51:30 +0100 |
| commit | 1814298d7590988d354955efdb0bc495b359293b (patch) | |
| tree | 8592b94b8ba65f2b325466ef933cb4dc7950b9f8 /actionpack/lib/action_view/helpers | |
| parent | 89a5f1463d7e9546ed7a0cf482afea99ba2040e7 (diff) | |
| download | rails-1814298d7590988d354955efdb0bc495b359293b.tar.gz rails-1814298d7590988d354955efdb0bc495b359293b.tar.bz2 rails-1814298d7590988d354955efdb0bc495b359293b.zip | |
Removed Array#safe_join in AS core_ext and moved it to a view helper with the same same. This also changes how safe_join works, if items or the separator are not html_safe they are html_escape'd, a html_safe string is always returned.
Signed-off-by: José Valim <jose.valim@gmail.com>
Diffstat (limited to 'actionpack/lib/action_view/helpers')
| -rw-r--r-- | actionpack/lib/action_view/helpers/output_safety_helper.rb | 38 | ||||
| -rw-r--r-- | actionpack/lib/action_view/helpers/raw_output_helper.rb | 18 |
2 files changed, 38 insertions, 18 deletions
diff --git a/actionpack/lib/action_view/helpers/output_safety_helper.rb b/actionpack/lib/action_view/helpers/output_safety_helper.rb new file mode 100644 index 0000000000..a035dd70ad --- /dev/null +++ b/actionpack/lib/action_view/helpers/output_safety_helper.rb @@ -0,0 +1,38 @@ +require 'active_support/core_ext/string/output_safety' + +module ActionView #:nodoc: + # = Action View Raw Output Helper + module Helpers #:nodoc: + module OutputSafetyHelper + # This method outputs without escaping a string. Since escaping tags is + # now default, this can be used when you don't want Rails to automatically + # escape tags. This is not recommended if the data is coming from the user's + # input. + # + # For example: + # + # <%=raw @user.name %> + def raw(stringish) + stringish.to_s.html_safe + end + + # This method returns a html safe string similar to what <tt>Array#join</tt> + # would return. All items in the array, including the supplied separator, are + # html escaped unless they are html safe, and the returned string is marked + # as html safe. + # + # safe_join(["<p>foo</p>".html_safe, "<p>bar</p>"], "<br />") + # # => "<p>foo</p><br /><p>bar</p>" + # + # safe_join(["<p>foo</p>".html_safe, "<p>bar</p>".html_safe], "<br />".html_safe) + # # => "<p>foo</p><br /><p>bar</p>" + # + def safe_join(array, sep=$,) + sep ||= "".html_safe + sep = ERB::Util.html_escape(sep) + + array.map { |i| ERB::Util.html_escape(i) }.join(sep).html_safe + end + end + end +end
\ No newline at end of file diff --git a/actionpack/lib/action_view/helpers/raw_output_helper.rb b/actionpack/lib/action_view/helpers/raw_output_helper.rb deleted file mode 100644 index 216683a2e0..0000000000 --- a/actionpack/lib/action_view/helpers/raw_output_helper.rb +++ /dev/null @@ -1,18 +0,0 @@ -module ActionView #:nodoc: - # = Action View Raw Output Helper - module Helpers #:nodoc: - module RawOutputHelper - # This method outputs without escaping a string. Since escaping tags is - # now default, this can be used when you don't want Rails to automatically - # escape tags. This is not recommended if the data is coming from the user's - # input. - # - # For example: - # - # <%=raw @user.name %> - def raw(stringish) - stringish.to_s.html_safe - end - end - end -end
\ No newline at end of file |