Remove obfuscation support from mail_to helper

Removes support for :encode, :replace_at, and :replace_dot
options from the mail_to helper. Support for these options
has been extracted to the 'actionview-encoded_mail_to' gem.

1 files changed, 12 insertions, 54 deletions

diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
index fa516cf91b..aeee662071 100644
--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -415,40 +415,26 @@ module ActionView
       # also used as the name of the link unless +name+ is specified. Additional
       # HTML attributes for the link can be passed in +html_options+.
       #
-      # +mail_to+ has several methods for hindering email harvesters and customizing
-      # the email itself by passing special keys to +html_options+.
+      # +mail_to+ has several methods for customizing the email itself by
+      # passing special keys to +html_options+.
       #
       # ==== Options
-      # * <tt>:encode</tt> - This key will accept the strings "javascript" or "hex".
-      #   Passing "javascript" will dynamically create and encode the mailto link then
-      #   eval it into the DOM of the page. This method will not show the link on
-      #   the page if the user has JavaScript disabled. Passing "hex" will hex
-      #   encode the +email_address+ before outputting the mailto link.
-      # * <tt>:replace_at</tt> - When the link +name+ isn't provided, the
-      #   +email_address+ is used for the link label. You can use this option to
-      #   obfuscate the +email_address+ by substituting the @ sign with the string
-      #   given as the value.
-      # * <tt>:replace_dot</tt> - When the link +name+ isn't provided, the
-      #   +email_address+ is used for the link label. You can use this option to
-      #   obfuscate the +email_address+ by substituting the . in the email with the
-      #   string given as the value.
       # * <tt>:subject</tt> - Preset the subject line of the email.
       # * <tt>:body</tt> - Preset the body of the email.
       # * <tt>:cc</tt> - Carbon Copy additional recipients on the email.
       # * <tt>:bcc</tt> - Blind Carbon Copy additional recipients on the email.
       #
+      # ==== Obfuscation
+      # Prior to Rails 4.0, +mail_to+ provided options for encoding the address 
+      # in order to hinder email harvesters.  To take advantage of these options, 
+      # install the +actionview-encoded_mail_to+ gem.
+      #
       # ==== Examples
       #   mail_to "me@domain.com"
       #   # => <a href="mailto:me@domain.com">me@domain.com</a>
       #
-      #   mail_to "me@domain.com", "My email", encode: "javascript"
-      #   # => <script>eval(decodeURIComponent('%64%6f%63...%27%29%3b'))</script>
-      #
-      #   mail_to "me@domain.com", "My email", encode: "hex"
-      #   # => <a href="mailto:%6d%65@%64%6f%6d%61%69%6e.%63%6f%6d">My email</a>
-      #
-      #   mail_to "me@domain.com", nil, replace_at: "_at_", replace_dot: "_dot_", class: "email"
-      #   # => <a href="mailto:me@domain.com" class="email">me_at_domain_dot_com</a>
+      #   mail_to "me@domain.com", "My email"
+      #   # => <a href="mailto:me@domain.com">My email</a>
       #
       #   mail_to "me@domain.com", "My email", cc: "ccaddress@domain.com",
       #            subject: "This is an example email"
@@ -456,43 +442,15 @@ module ActionView
       def mail_to(email_address, name = nil, html_options = {})
         email_address = ERB::Util.html_escape(email_address)
 
-        html_options = html_options.stringify_keys
-        encode = html_options.delete("encode").to_s
+        html_options.stringify_keys!
 
         extras = %w{ cc bcc body subject }.map { |item|
           option = html_options.delete(item) || next
           "#{item}=#{Rack::Utils.escape_path(option)}"
         }.compact
         extras = extras.empty? ? '' : '?' + ERB::Util.html_escape(extras.join('&'))
-
-        email_address_obfuscated = email_address.to_str
-        email_address_obfuscated.gsub!(/@/, html_options.delete("replace_at")) if html_options.key?("replace_at")
-        email_address_obfuscated.gsub!(/\./, html_options.delete("replace_dot")) if html_options.key?("replace_dot")
-        case encode
-        when "javascript"
-          string = ''
-          html   = content_tag("a", name || email_address_obfuscated.html_safe, html_options.merge("href" => "mailto:#{email_address}#{extras}".html_safe))
-          html   = escape_javascript(html.to_str)
-          "document.write('#{html}');".each_byte do |c|
-            string << sprintf("%%%x", c)
-          end
-          "<script>eval(decodeURIComponent('#{string}'))</script>".html_safe
-        when "hex"
-          email_address_encoded = email_address_obfuscated.unpack('C*').map {|c|
-            sprintf("&#%d;", c)
-          }.join
-
-          string = 'mailto:'.unpack('C*').map { |c|
-            sprintf("&#%d;", c)
-          }.join + email_address.unpack('C*').map { |c|
-            char = c.chr
-            char =~ /\w/ ? sprintf("%%%x", c) : char
-          }.join
-
-          content_tag "a", name || email_address_encoded.html_safe, html_options.merge("href" => "#{string}#{extras}".html_safe)
-        else
-          content_tag "a", name || email_address_obfuscated.html_safe, html_options.merge("href" => "mailto:#{email_address}#{extras}".html_safe)
-        end
+        
+        content_tag "a", name || email_address.html_safe, html_options.merge("href" => "mailto:#{email_address}#{extras}".html_safe)
       end
 
       # True if the current request URI was generated by the given +options+.