aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
diff options
context:
space:
mode:
authorDavid Heinemeier Hansson <david@loudthinking.com>2007-06-23 17:11:01 +0000
committerDavid Heinemeier Hansson <david@loudthinking.com>2007-06-23 17:11:01 +0000
commit4de8c63abbcaecbe72b925aedb8196c812463705 (patch)
tree4e6d1cbb5071c7f347ad971d75fb6366e47949bb /actionpack
parent4766f521ee183bf5cba66f0cdd88ec3f1d28d473 (diff)
downloadrails-4de8c63abbcaecbe72b925aedb8196c812463705.tar.gz
rails-4de8c63abbcaecbe72b925aedb8196c812463705.tar.bz2
rails-4de8c63abbcaecbe72b925aedb8196c812463705.zip
Fixed that link_to with an href of # when using :method will not allow for click-through without JavaScript (closes #7037) [stevenbristol/josh]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7096 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/CHANGELOG2
-rw-r--r--actionpack/lib/action_view/helpers/url_helper.rb28
-rw-r--r--actionpack/test/template/url_helper_test.rb7
3 files changed, 28 insertions, 9 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 1e270475ea..dc0ce55acd 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* Fixed that link_to with an href of # when using :method will not allow for click-through without JavaScript #7037 [stevenbristol/josh]
+
* Fixed that radio_button_tag should generate unique ids #3353 [BobSilva/rebecca/josh]
* Fixed that HTTP authentication should work if the header is called REDIRECT_X_HTTP_AUTHORIZATION as well #6754 [mislaw]
diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
index 1fa9939d0e..01427f8bb8 100644
--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -107,6 +107,12 @@ module ActionView
# for post?, delete? or put?.
# * The +html_options+ will accept a hash of html attributes for the link tag.
#
+ # Note that if the user has JavaScript disabled, the request will fall back
+ # to using GET. If :href=>'#' is used and the user has JavaScript disabled
+ # clicking the link will have no effect. If you are relying on the POST
+ # behavior, your should check for it in your controllers action by using the
+ # request objects methods for post?, delete? or put?.
+ #
# You can mix and match the +html_options+ with the exception of
# :popup and :method which will raise an ActionView::ActionViewError
# exception.
@@ -127,16 +133,19 @@ module ActionView
# var m = document.createElement('input'); m.setAttribute('type', 'hidden'); m.setAttribute('name', '_method');
# m.setAttribute('value', 'delete'); f.appendChild(m);f.submit(); };return false;">Delete Image</a>
def link_to(name, options = {}, html_options = nil)
+ url = options.is_a?(String) ? options : self.url_for(options)
+
if html_options
html_options = html_options.stringify_keys
- convert_options_to_javascript!(html_options)
+ href = html_options['href']
+ convert_options_to_javascript!(html_options, url)
tag_options = tag_options(html_options)
else
tag_options = nil
end
-
- url = options.is_a?(String) ? options : self.url_for(options)
- "<a href=\"#{url}\"#{tag_options}>#{name || url}</a>"
+
+ href_attr = "href=\"#{url}\"" unless href
+ "<a #{href_attr}#{tag_options}>#{name || url}</a>"
end
# Generates a form containing a single button that submits to the URL created
@@ -420,10 +429,10 @@ module ActionView
end
private
- def convert_options_to_javascript!(html_options)
+ def convert_options_to_javascript!(html_options, url = '')
confirm, popup = html_options.delete("confirm"), html_options.delete("popup")
- method = html_options.delete("method")
+ method, href = html_options.delete("method"), html_options['href']
html_options["onclick"] = case
when popup && method
@@ -435,7 +444,7 @@ module ActionView
when confirm
"return #{confirm_javascript_function(confirm)};"
when method
- "#{method_javascript_function(method)}return false;"
+ "#{method_javascript_function(method, url, href)}return false;"
when popup
popup_javascript_function(popup) + 'return false;'
else
@@ -451,10 +460,11 @@ module ActionView
popup.is_a?(Array) ? "window.open(this.href,'#{popup.first}','#{popup.last}');" : "window.open(this.href);"
end
- def method_javascript_function(method)
+ def method_javascript_function(method, url = '', href = nil)
+ action = (href && url.size > 0) ? "'#{url}'" : 'this.href'
submit_function =
"var f = document.createElement('form'); f.style.display = 'none'; " +
- "this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;"
+ "this.parentNode.appendChild(f); f.method = 'POST'; f.action = #{action};"
unless method == :post
submit_function << "var m = document.createElement('input'); m.setAttribute('type', 'hidden'); "
diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb
index 1a5521b3e4..32696165e9 100644
--- a/actionpack/test/template/url_helper_test.rb
+++ b/actionpack/test/template/url_helper_test.rb
@@ -158,6 +158,13 @@ class UrlHelperTest < Test::Unit::TestCase
)
end
+ def test_link_tag_using_delete_javascript_and_href
+ assert_dom_equal(
+ "<a href='\#' onclick=\"var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = 'http://www.example.com';var m = document.createElement('input'); m.setAttribute('type', 'hidden'); m.setAttribute('name', '_method'); m.setAttribute('value', 'delete'); f.appendChild(m);f.submit();return false;\">Destroy</a>",
+ link_to("Destroy", "http://www.example.com", :method => :delete, :href => '#')
+ )
+ end
+
def test_link_tag_using_post_javascript_and_confirm
assert_dom_equal(
"<a href=\"http://www.example.com\" onclick=\"if (confirm('Are you serious?')) { var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;f.submit(); };return false;\">Hello</a>",