author | Carlos Antonio da Silva <carlosantoniodasilva@gmail.com> | 2012-05-31 09:18:14 -0300 |
---|---|---|
committer | Carlos Antonio da Silva <carlosantoniodasilva@gmail.com> | 2012-05-31 09:44:10 -0300 |
commit | e2f5f01675f3c575e820532ab7cce6fe068ecb28 (patch) | |
tree | 22cd78c27df5e8b9728b6bd153cb321d3ea509b7 /actionpack | |
parent | b6eb22cb6490e4c8d0b19541703b0322968c5a1c (diff) | |
Simplify link_to using content_tag
Add some tests for link_to with blocks and escaping content.
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_view/helpers/url_helper.rb | 18 | ||||
-rw-r--r-- | actionpack/test/template/url_helper_test.rb | 20 |
2 files changed, 26 insertions, 12 deletions
diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
index 4b8106f465..7f5b3c8a0f 100644
--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -234,20 +234,14 @@ module ActionView
 # link_to("Destroy", "http://www.example.com", :method => :delete, :confirm => "Are you sure?")
 # # => <a href='http://www.example.com' rel="nofollow" data-method="delete" data-confirm="Are you sure?">Destroy</a>
 def link_to(name = nil, options = nil, html_options = nil, &block)
- if block_given?
- html_options, options = options, name
- link_to(capture(&block), options, html_options)
- else
- options ||= {}
- html_options = convert_options_to_data_attributes(options, html_options)
+ html_options, options = options, name if block_given?
+ options ||= {}
+ url = url_for(options)
- url = url_for(options)
- href = html_options['href']
- tag_options = tag_options(html_options)
+ html_options = convert_options_to_data_attributes(options, html_options)
+ html_options['href'] ||= url
- href_attr = "href=\"#{ERB::Util.html_escape(url)}\"" unless href
- "<a #{href_attr}#{tag_options}>#{ERB::Util.html_escape(name || url)}</a>".html_safe
- end
+ content_tag(:a, name || url, html_options, &block)
 end
 # Generates a form containing a single button that submits to the URL created
diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb
index 365a86ab91..62608a727f 100644
--- a/actionpack/test/template/url_helper_test.rb
+++ b/actionpack/test/template/url_helper_test.rb
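Review bot: In the block form of `link_to` in url_helper.rb, `name` still holds the first argument after the swap, so `content_tag(:a, name || url, html_options, &block)` receives the URL options in the content position. With a string URL that is harmless, but `content_tag` is not shown on this page; if, as in Action View's tag helper, it treats a Hash in that position as its own options when a block is given, a URL hash would be rendered as HTML attributes and `html_options`, including the computed `href`, would be ignored. Clearing the name as part of the swap removes that dependency: `html_options, options, name = options, name, block if block_given?`. A short comment above the swap saying that the block form shifts the arguments one position left would also help the next reader.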
@@ -277,6 +277,16 @@ class UrlHelperTest < ActiveSupport::TestCase
 )
 end
+ def test_link_tag_with_block
+ assert_dom_equal '<a href="/"><span>Example site</span></a>',
+ link_to('/') { content_tag(:span, 'Example site') }
+ end
+
+ def test_link_tag_with_block_and_html_options
+ assert_dom_equal '<a class="special" href="/"><span>Example site</span></a>',
+ link_to('/', :class => "special") { content_tag(:span, 'Example site') }
+ end
+
 def test_link_tag_using_block_in_erb
 out = render_erb %{<%= link_to('/') do %>Example site<% end %>}
 assert_equal '<a href="/">Example site</a>', out
@@ -289,6 +299,16 @@ class UrlHelperTest < ActiveSupport::TestCase
 )
 end
+ def test_link_tag_escapes_content
+ assert_dom_equal '<a href="/">Malicious <script>content</script></a>',
+ link_to("Malicious <script>content</script>", "/")
+ end
+
+ def test_link_tag_does_not_escape_html_safe_content
+ assert_dom_equal '<a href="/">Malicious <script>content</script></a>',
+ link_to("Malicious <script>content</script>".html_safe, "/")
+ end
+
 def test_link_to_unless
 assert_equal "Showing", link_to_unless(true, "Showing", url_hash) |
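Review bot: Both new block tests in the first hunk pass a string URL (`'/'`), so the block form is never exercised with a URL hash, which is the case where the first argument that `link_to` forwards to `content_tag` is a Hash rather than link text. A test along the lines of `link_to(url_hash) { content_tag(:span, 'Example site') }`, asserting the resulting `href` and that no route parameters leak into the tag as attributes, would pin that path. `url_hash` is already used by `test_link_to_unless` in the context lines of the second hunk.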
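Review bot: The escaping tests in the second hunk cover only the link text; nothing here pins that the `href` value is still escaped now that the explicit `ERB::Util.html_escape(url)` has been replaced by `content_tag`'s attribute handling. Tests outside this hunk may already cover that, but a case whose URL contains `&` and `"` would make the guarantee explicit next to these two. As rendered on this page the expected strings of `test_link_tag_escapes_content` and `test_link_tag_does_not_escape_html_safe_content` read identically, presumably because the page decoded the entities in the first one, so check the file itself before relying on the text shown here.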