diff options
| author | Rick Olson <technoweenie@gmail.com> | 2006-10-18 16:42:19 +0000 |
|---|---|---|
| committer | Rick Olson <technoweenie@gmail.com> | 2006-10-18 16:42:19 +0000 |
| commit | dbd0bd5e5c9946ffb48bf8651f81ebc6dd9b52e5 (patch) | |
| tree | 0b285eb84a3a651e3b1ba59b64010644bc7fcc45 /actionpack/lib | |
| parent | 02358c83b76f9fc56b6cabaee24b244d17d08cff (diff) | |
| download | rails-dbd0bd5e5c9946ffb48bf8651f81ebc6dd9b52e5.tar.gz rails-dbd0bd5e5c9946ffb48bf8651f81ebc6dd9b52e5.tar.bz2 rails-dbd0bd5e5c9946ffb48bf8651f81ebc6dd9b52e5.zip | |
Add <%= escape_once html %> to escape html while leaving any currently escaped entities alone. Fix button_to double-escaping issue. [Rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5322 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack/lib')
| -rw-r--r-- | actionpack/lib/action_view/helpers/tag_helper.rb | 11 | ||||
| -rw-r--r-- | actionpack/lib/action_view/helpers/url_helper.rb | 4 |
2 files changed, 12 insertions, 3 deletions
diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb index 6001b21e63..f913c99abb 100644 --- a/actionpack/lib/action_view/helpers/tag_helper.rb +++ b/actionpack/lib/action_view/helpers/tag_helper.rb @@ -31,10 +31,19 @@ module ActionView "<![CDATA[#{content}]]>" end + # Escapes a given string, while leaving any currently escaped entities alone. + # + # escape_once("1 > 2 & 3") + # # => "1 < 2 & 3" + # + def escape_once(html) + fix_double_escape(html_escape(html.to_s)) + end + private def tag_options(options) cleaned_options = convert_booleans(options.stringify_keys.reject {|key, value| value.nil?}) - ' ' + cleaned_options.map {|key, value| %(#{key}="#{fix_double_escape(html_escape(value.to_s))}")}.sort * ' ' unless cleaned_options.empty? + ' ' + cleaned_options.map {|key, value| %(#{key}="#{escape_once(value)}")}.sort * ' ' unless cleaned_options.empty? end def convert_booleans(options) diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb index 42c28335d5..4f52a018a7 100644 --- a/actionpack/lib/action_view/helpers/url_helper.rb +++ b/actionpack/lib/action_view/helpers/url_helper.rb @@ -131,8 +131,8 @@ module ActionView name ||= url html_options.merge!("type" => "submit", "value" => name) - - "<form method=\"#{form_method}\" action=\"#{h url}\" class=\"button-to\"><div>" + + + "<form method=\"#{form_method}\" action=\"#{escape_once url}\" class=\"button-to\"><div>" + method_tag + tag("input", html_options) + "</div></form>" end |