diff options
| author | Xavier Noria <fxn@hashref.com> | 2010-06-20 23:13:19 +0200 |
|---|---|---|
| committer | Xavier Noria <fxn@hashref.com> | 2010-06-20 23:13:19 +0200 |
| commit | 207fa59675cb624dde0e01c1d57597f752cdf095 (patch) | |
| tree | 472d03af5bc3e2df1b759717f723ca914f2a77aa /actionpack/lib/action_view/helpers | |
| parent | 31cadc730a40281950a265ff6982dd76cc326828 (diff) | |
| parent | 50d37a76064239a731f81a4ba68b80946c4dfae2 (diff) | |
| download | rails-207fa59675cb624dde0e01c1d57597f752cdf095.tar.gz rails-207fa59675cb624dde0e01c1d57597f752cdf095.tar.bz2 rails-207fa59675cb624dde0e01c1d57597f752cdf095.zip | |
Merge remote branch 'rails/master'
Conflicts:
actionpack/lib/abstract_controller/base.rb
Diffstat (limited to 'actionpack/lib/action_view/helpers')
4 files changed, 24 insertions, 18 deletions
diff --git a/actionpack/lib/action_view/helpers/date_helper.rb b/actionpack/lib/action_view/helpers/date_helper.rb index 6f387bc95a..7d7b6a1d91 100644 --- a/actionpack/lib/action_view/helpers/date_helper.rb +++ b/actionpack/lib/action_view/helpers/date_helper.rb @@ -896,8 +896,10 @@ module ActionView # Returns the separator for a given datetime component def separator(type) case type - when :month, :day - @options[:date_separator] + when :month + @options[:discard_month] ? "" : @options[:date_separator] + when :day + @options[:discard_day] ? "" : @options[:date_separator] when :hour (@options[:discard_year] && @options[:discard_day]) ? "" : @options[:datetime_separator] when :minute diff --git a/actionpack/lib/action_view/helpers/form_helper.rb b/actionpack/lib/action_view/helpers/form_helper.rb index a8887a804e..8efed98bd2 100644 --- a/actionpack/lib/action_view/helpers/form_helper.rb +++ b/actionpack/lib/action_view/helpers/form_helper.rb @@ -303,7 +303,7 @@ module ActionView args.unshift object end - options[:html][:remote] = true if options.delete(:remote) + (options[:html] ||= {})[:remote] = true if options.delete(:remote) output = form_tag(options.delete(:url) || {}, options.delete(:html) || {}) output << fields_for(object_name, *(args << options), &proc) diff --git a/actionpack/lib/action_view/helpers/form_options_helper.rb b/actionpack/lib/action_view/helpers/form_options_helper.rb index c564d30302..6f9d14de8b 100644 --- a/actionpack/lib/action_view/helpers/form_options_helper.rb +++ b/actionpack/lib/action_view/helpers/form_options_helper.rb @@ -399,7 +399,7 @@ module ActionView options_for_select += "<optgroup label=\"#{html_escape(group_label_string)}\">" options_for_select += options_from_collection_for_select(eval("group.#{group_method}"), option_key_method, option_value_method, selected_key) options_for_select += '</optgroup>' - end + end.html_safe end # Returns a string of <tt><option></tt> tags, like <tt>options_for_select</tt>, but diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb index 9afa989453..0be8a2c36e 100644 --- a/actionpack/lib/action_view/helpers/text_helper.rb +++ b/actionpack/lib/action_view/helpers/text_helper.rb @@ -40,7 +40,10 @@ module ActionView # for a total length not exceeding <tt>:length</tt>. # # Pass a <tt>:separator</tt> to truncate +text+ at a natural break. - # Pass a <tt>:safe</tt> value as "true" to not to escape the content. + # + # The result is not marked as HTML-safe, so will be subject to the default escaping when + # used in views, unless wrapped by <tt>raw()</tt>. Care should be taken if +text+ contains HTML tags + # or entities, because truncation may produce invalid HTML (such as unbalanced or incomplete tags). # # ==== Examples # @@ -57,12 +60,6 @@ module ActionView # # => "And they f... (continued)" # # truncate("<p>Once upon a time in a world far far away</p>") - # # => "<p>Once upon a time i..." - # - # truncate("<p>Once upon a time in a world far far away</p>", :safe => true) - # # => "<p>Once upon a time in a wo..." - # - # truncate("<p>Once upon a time in a world far far away</p>".html_safe) # # => "<p>Once upon a time in a wo..." # # You can still use <tt>truncate</tt> with the old API that accepts the @@ -85,7 +82,6 @@ module ActionView options.reverse_merge!(:length => 30) - text = h(text) unless text.html_safe? || options[:safe] text.truncate(options.delete(:length), options) if text end @@ -117,13 +113,13 @@ module ActionView end options.reverse_merge!(:highlighter => '<strong class="highlight">\1</strong>') - text = h(text) unless text.html_safe? || options[:safe] + text = sanitize(text) unless options[:sanitize] == false if text.blank? || phrases.blank? text else match = Array(phrases).map { |p| Regexp.escape(p) }.join('|') text.gsub(/(#{match})(?!(?:[^<]*?)(?:["'])[^<>]*>)/i, options[:highlighter]) - end + end.html_safe end # Extracts an excerpt from +text+ that matches the first instance of +phrase+. @@ -253,9 +249,9 @@ module ActionView # simple_format("Look ma! A class!", :class => 'description') # # => "<p class='description'>Look ma! A class!</p>" def simple_format(text, html_options={}, options={}) - text = '' if text.nil? + text = ''.html_safe if text.nil? start_tag = tag('p', html_options, true) - text = h(text) unless text.html_safe? || options[:safe] + text = sanitize(text) unless options[:sanitize] == false text.gsub!(/\r\n?/, "\n") # \r\n and \r -> \n text.gsub!(/\n\n+/, "</p>\n\n#{start_tag}") # 2+ newline -> paragraph text.gsub!(/([^\n]\n)(?=[^\n])/, '\1<br />') # 1 newline -> br @@ -499,7 +495,11 @@ module ActionView link_text = block_given?? yield(href) : href href = 'http://' + href unless scheme - content_tag(:a, link_text, link_attributes.merge('href' => href), !(options[:safe] || text.html_safe?)) + punctuation.reverse.join('') + unless options[:sanitize] == false + link_text = sanitize(link_text) + href = sanitize(href) + end + content_tag(:a, link_text, link_attributes.merge('href' => href), !!options[:sanitize]) + punctuation.reverse.join('') end end.html_safe end @@ -514,7 +514,11 @@ module ActionView text.html_safe else display_text = (block_given?) ? yield(text) : text - display_text = h(display_text) unless options[:safe] + + unless options[:sanitize] == false + text = sanitize(text) + display_text = sanitize(display_text) unless text == display_text + end mail_to text, display_text, html_options end end |