author | Nicholas Seckar <nseckar@gmail.com> | 2006-03-18 22:36:52 +0000 |
---|---|---|
committer | Nicholas Seckar <nseckar@gmail.com> | 2006-03-18 22:36:52 +0000 |
commit | 1e7ce13b372e554438aa58c466dc100ef174ae9e (patch) | |
tree | e57458358882d8495ba3f55ae15aeaba3b07afd9 /actionpack/lib | |
parent | eba58b2c12586fc0558b805679b236a8379dd47a (diff) | |
Change url_for to escape the resulting URLs when called from a view. Closes #4202
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3953 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack/lib')
-rw-r--r-- | actionpack/lib/action_view/helpers/url_helper.rb | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb index de6137659e..c4c8fca98e 100644 --- a/actionpack/lib/action_view/helpers/url_helper.rb +++ b/actionpack/lib/action_view/helpers/url_helper.rb @@ -15,7 +15,7 @@ module ActionView # http://example.com/controller/action part (makes it harder to parse httpd log files) def url_for(options = {}, *parameters_for_method_reference) options = { :only_path => true }.update(options.symbolize_keys) if options.kind_of? Hash - @controller.send(:url_for, options, *parameters_for_method_reference) + html_escape(@controller.send(:url_for, options, *parameters_for_method_reference)) end # Creates a link tag of the given +name+ using an URL created by the set of +options+. See the valid options in @@ -46,8 +46,8 @@ module ActionView else tag_options = nil end - url = html_escape(options.is_a?(String) ? options : url_for(options, *parameters_for_method_reference)) - "<a href=\"#{url}\"#{tag_options}>#{name||url}</a>" + url = options.is_a?(String) ? options : self.url_for(options, *parameters_for_method_reference) + "<a href=\"#{url}\"#{tag_options}>#{name || url}</a>" end # Generates a form containing a sole button that submits to the @@ -104,11 +104,10 @@ module ActionView if confirm = html_options.delete("confirm") html_options["onclick"] = "return #{confirm_javascript_function(confirm)};" end - - url, name = options.is_a?(String) ? - [ options, name || options ] : - [ url_for(options), name || html_escape(url_for(options)) ] - + + url = options.is_a?(String) ? options : url_for(options) + name ||= url + html_options.merge!("type" => "submit", "value" => name) "<form method=\"post\" action=\"#{h url}\" class=\"button-to\"><div>" + 
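Review bot: Returning an already HTML-escaped string from the view-side `url_for` turns every later escape of that value into a double escape, and the third hunk of this file does exactly that: `button_to` now assigns `url = options.is_a?(String) ? options : url_for(options)` and still emits `action=\"#{h url}\"`, so a generated URL carrying a query string would come out with `&amp;amp;`. Escape each branch once instead, e.g. `url = options.is_a?(String) ? html_escape(options) : url_for(options)`, and drop the `h` in the action attribute. The same concern applies to `name ||= url` in that hunk if `tag` escapes attribute values, which is not visible here. The comment above `url_for` should also state that the return value is HTML-escaped and therefore meant for markup only, not for redirects, headers or script contexts.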
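Review bot: In the second hunk the String branch of `url` is no longer escaped: the removed line wrapped both branches in `html_escape`, while the new line relies on `url_for` for escaping and passes a caller-supplied string unchanged into `href=\"#{url}\"` and, when `name` is nil, into the link text. A string containing `"`, `<` or `&` then changes the surrounding markup, which matters whenever the URL is built from request data. Keep the escape on that branch: `url = options.is_a?(String) ? html_escape(options) : self.url_for(options, *parameters_for_method_reference)`. The enclosing method starts before this hunk, so its name and any earlier handling of `options` are not visible.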
@@ -197,6 +196,7 @@ module ActionView # mail_to "me@domain.com", "My email", :cc => "ccaddress@domain.com", :bcc => "bccaddress@domain.com", :subject => "This is an example email", :body => "This is the body of the message." # => # <a href="mailto:me@domain.com?cc="ccaddress@domain.com"&bcc="bccaddress@domain.com"&body="This%20is%20the%20body%20of%20the%20message."&subject="This%20is%20an%20example%20email">My email</a> def mail_to(email_address, name = nil, html_options = {}) + name = html_escape(name) if name html_options = html_options.stringify_keys encode = html_options.delete("encode") cc, bcc, subject, body = html_options.delete("cc"), html_options.delete("bcc"), html_options.delete("subject"), html_options.delete("body") |
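Review bot: The added `name = html_escape(name) if name` covers only an explicitly passed `name`; if the rest of `mail_to` falls back to `email_address` when `name` is nil, that fallback is not escaped by this line and should be checked where the link text is emitted (the body continues outside the hunk). It also gives `mail_to` a different contract from the link helper earlier in this file, which interpolates `name` raw via `#{name || url}`, so callers passing markup as the label will now see it escaped. State that in the comment above the method, for example `# +name+ is treated as plain text and is HTML-escaped before output.` The usage example in that comment also shows literal double quotes inside the `href` value, which is worth correcting so the documented output is well-formed.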