In tag helper, honor html_safe on array parameters; also make safe_join more similar to Array.join by first calling flatten.

author: Paul Grayson <paul@pololu.com> 2014-06-10 17:33:34 -0700
committer: Paul Grayson <paul@pololu.com> 2014-06-12 15:30:40 -0700
commit: bcab3f20dac0fe993e5d31bf6acef28ec54e658b (patch)
tree: f3fd8f027b75814410245c91aa87963be1c9f00a /actionview/lib
parent: 80b4fe2c50feb295af64e1a8c960cfed4fd8ae19 (diff)
download: rails-bcab3f20dac0fe993e5d31bf6acef28ec54e658b.tar.gz
rails-bcab3f20dac0fe993e5d31bf6acef28ec54e658b.tar.bz2
rails-bcab3f20dac0fe993e5d31bf6acef28ec54e658b.zip
2 files changed, 19 insertions, 7 deletions
diff --git a/actionview/lib/action_view/helpers/output_safety_helper.rb b/actionview/lib/action_view/helpers/output_safety_helper.rb
index e1f40011c0..b0d9c7c7f9 100644
--- a/actionview/lib/action_view/helpers/output_safety_helper.rb
+++ b/actionview/lib/action_view/helpers/output_safety_helper.rb
@@ -18,9 +18,9 @@ module ActionView #:nodoc:
       end
 
       # This method returns a html safe string similar to what <tt>Array#join</tt>
-      # would return. All items in the array, including the supplied separator, are
-      # html escaped unless they are html safe, and the returned string is marked
-      # as html safe.
+      # would return. The array is flattened, and all items, including
+      # the supplied separator, are html escaped unless they are html
+      # safe, and the returned string is marked as html safe.
       #
       #   safe_join(["<p>foo</p>".html_safe, "<p>bar</p>"], "<br />")
       #   # => "<p>foo</p>&lt;br /&gt;&lt;p&gt;bar&lt;/p&gt;"
@@ -31,7 +31,7 @@ module ActionView #:nodoc:
       def safe_join(array, sep=$,)
         sep = ERB::Util.unwrapped_html_escape(sep)
 
-        array.map { |i| ERB::Util.unwrapped_html_escape(i) }.join(sep).html_safe
+        array.flatten.map! { |i| ERB::Util.unwrapped_html_escape(i) }.join(sep).html_safe
       end
     end
   end
diff --git a/actionview/lib/action_view/helpers/tag_helper.rb b/actionview/lib/action_view/helpers/tag_helper.rb
index 9b9ca7d60d..89a30d4b69 100644
--- a/actionview/lib/action_view/helpers/tag_helper.rb
+++ b/actionview/lib/action_view/helpers/tag_helper.rb
@@ -173,9 +173,21 @@ module ActionView
         end
 
         def tag_option(key, value, escape)
-          value = value.join(" ") if value.is_a?(Array)
-          value = ERB::Util.unwrapped_html_escape(value) if escape
-          %(#{key}="#{value}")
+          escaped_value = case value
+                          when Array
+                            if escape
+                              safe_join(value, " ")
+                            else
+                              value.join(" ")
+                            end
+                          else
+                            if escape
+                              ERB::Util.unwrapped_html_escape(value)
+                            else
+                              value
+                            end
+                          end
+          %(#{key}="#{escaped_value}")
         end
     end
   end
author	Paul Grayson <paul@pololu.com>	2014-06-10 17:33:34 -0700
committer	Paul Grayson <paul@pololu.com>	2014-06-12 15:30:40 -0700
commit	bcab3f20dac0fe993e5d31bf6acef28ec54e658b (patch)
tree	f3fd8f027b75814410245c91aa87963be1c9f00a /actionview/lib
parent	80b4fe2c50feb295af64e1a8c960cfed4fd8ae19 (diff)
download	rails-bcab3f20dac0fe993e5d31bf6acef28ec54e658b.tar.gz rails-bcab3f20dac0fe993e5d31bf6acef28ec54e658b.tar.bz2 rails-bcab3f20dac0fe993e5d31bf6acef28ec54e658b.zip