aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib
diff options
context:
space:
mode:
authorNicholas Seckar <nseckar@gmail.com>2006-03-22 19:41:39 +0000
committerNicholas Seckar <nseckar@gmail.com>2006-03-22 19:41:39 +0000
commitc05c22a45f9332f50eb6efae5a393268f6b6609d (patch)
treeaded989d9cb75e5a8a5bec5bc4763e860de7240c /actionpack/lib
parent2d24bed3a072aac1a0087ec4c4681889e49ea6a4 (diff)
downloadrails-c05c22a45f9332f50eb6efae5a393268f6b6609d.tar.gz
rails-c05c22a45f9332f50eb6efae5a393268f6b6609d.tar.bz2
rails-c05c22a45f9332f50eb6efae5a393268f6b6609d.zip
Fix double url escaping of remote_function. Add :escape => false option to ActionView's url_for.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4014 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack/lib')
-rw-r--r--actionpack/lib/action_view/helpers/prototype_helper.rb4
-rw-r--r--actionpack/lib/action_view/helpers/url_helper.rb14
2 files changed, 15 insertions, 3 deletions
diff --git a/actionpack/lib/action_view/helpers/prototype_helper.rb b/actionpack/lib/action_view/helpers/prototype_helper.rb
index de964edae8..40bb18c624 100644
--- a/actionpack/lib/action_view/helpers/prototype_helper.rb
+++ b/actionpack/lib/action_view/helpers/prototype_helper.rb
@@ -301,7 +301,9 @@ module ActionView
"new Ajax.Request(" :
"new Ajax.Updater(#{update}, "
- function << "'#{url_for(options[:url])}'"
+ url_options = options[:url]
+ url_options = url_options.merge(:escape => false) if url_options.is_a? Hash
+ function << "'#{url_for(url_options)}'"
function << ", #{javascript_options})"
function = "#{options[:before]}; #{function}" if options[:before]
diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
index ae5f0c230d..5cbf728961 100644
--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -13,9 +13,19 @@ module ActionView
# as url_for. For a list, see the documentation for ActionController::Base#url_for.
# Note that it'll set :only_path => true so you'll get /controller/action instead of the
# http://example.com/controller/action part (makes it harder to parse httpd log files)
+ #
+ # When called from a view, url_for returns an HTML escaped url. If you need an unescaped
+ # url, pass :escape => false to url_for.
+ #
def url_for(options = {}, *parameters_for_method_reference)
- options = { :only_path => true }.update(options.symbolize_keys) if options.kind_of? Hash
- html_escape(@controller.send(:url_for, options, *parameters_for_method_reference))
+ if options.kind_of? Hash
+ options = { :only_path => true }.update(options.symbolize_keys)
+ escape = options.key?(:escape) ? options.delete(:escape) : true
+ else
+ escape = true
+ end
+ url = @controller.send(:url_for, options, *parameters_for_method_reference)
+ escape ? html_escape(url) : url
end
# Creates a link tag of the given +name+ using an URL created by the set of +options+. See the valid options in