diff options
Diffstat (limited to 'actionpack')
5 files changed, 41 insertions, 97 deletions
diff --git a/actionpack/lib/action_view/helpers.rb b/actionpack/lib/action_view/helpers.rb index d338ce616a..41013c800c 100644 --- a/actionpack/lib/action_view/helpers.rb +++ b/actionpack/lib/action_view/helpers.rb @@ -18,7 +18,7 @@ module ActionView #:nodoc: autoload :JavaScriptHelper, "action_view/helpers/javascript_helper" autoload :NumberHelper autoload :PrototypeHelper - autoload :OutputSafetyHelper + autoload :RawOutputHelper autoload :RecordTagHelper autoload :SanitizeHelper autoload :ScriptaculousHelper @@ -48,7 +48,7 @@ module ActionView #:nodoc: include JavaScriptHelper include NumberHelper include PrototypeHelper - include OutputSafetyHelper + include RawOutputHelper include RecordTagHelper include SanitizeHelper include ScriptaculousHelper diff --git a/actionpack/lib/action_view/helpers/output_safety_helper.rb b/actionpack/lib/action_view/helpers/output_safety_helper.rb deleted file mode 100644 index 39f3f38e33..0000000000 --- a/actionpack/lib/action_view/helpers/output_safety_helper.rb +++ /dev/null @@ -1,40 +0,0 @@ -require 'active_support/core_ext/string/output_safety' - -module ActionView #:nodoc: - # = Action View Raw Output Helper - module Helpers #:nodoc: - module OutputSafetyHelper - # This method outputs without escaping a string. Since escaping tags is - # now default, this can be used when you don't want Rails to automatically - # escape tags. This is not recommended if the data is coming from the user's - # input. - # - # For example: - # - # <%=raw @user.name %> - def raw(stringish) - stringish.to_s.html_safe - end - - # This method returns a html safe string using <tt>Array#join</tt> if all - # the items in the array, including the supplied separator, are html safe. - # Otherwise the result of <tt>Array#join</tt> is returned without marking - # it as html safe. - # - # safe_join(["Mr", "Bojangles"]).html_safe? - # # => false - # - # safe_join(["Mr".html_safe, "Bojangles".html_safe]).html_safe? - # # => true - # - def safe_join(array, sep=$,) - sep ||= "".html_safe - str = array.join(sep) - - is_html_safe = array.all? { |item| item.html_safe? } - - (sep.html_safe? && is_html_safe) ? str.html_safe : str - end - end - end -end
\ No newline at end of file diff --git a/actionpack/lib/action_view/helpers/raw_output_helper.rb b/actionpack/lib/action_view/helpers/raw_output_helper.rb new file mode 100644 index 0000000000..216683a2e0 --- /dev/null +++ b/actionpack/lib/action_view/helpers/raw_output_helper.rb @@ -0,0 +1,18 @@ +module ActionView #:nodoc: + # = Action View Raw Output Helper + module Helpers #:nodoc: + module RawOutputHelper + # This method outputs without escaping a string. Since escaping tags is + # now default, this can be used when you don't want Rails to automatically + # escape tags. This is not recommended if the data is coming from the user's + # input. + # + # For example: + # + # <%=raw @user.name %> + def raw(stringish) + stringish.to_s.html_safe + end + end + end +end
\ No newline at end of file diff --git a/actionpack/test/template/output_safety_helper_test.rb b/actionpack/test/template/output_safety_helper_test.rb deleted file mode 100644 index 3c52b63d40..0000000000 --- a/actionpack/test/template/output_safety_helper_test.rb +++ /dev/null @@ -1,55 +0,0 @@ -require 'abstract_unit' -require 'testing_sandbox' - -class OutputSafetyHelperTest < ActionView::TestCase - tests ActionView::Helpers::OutputSafetyHelper - include TestingSandbox - - def setup - @string = "hello" - end - - test "raw returns the safe string" do - result = raw(@string) - assert_equal @string, result - assert result.html_safe? - end - - test "raw handles nil values correctly" do - assert_equal "", raw(nil) - end - - test "joining safe elements without a separator is safe" do - array = 5.times.collect { "some string".html_safe } - assert safe_join(array).html_safe? - end - - test "Joining safe elements with a safe separator is safe" do - array = 5.times.collect { "some string".html_safe } - assert safe_join(array, "-".html_safe).html_safe? - end - - test "Joining safe elements with an unsafe separator is unsafe" do - array = 5.times.collect { "some string".html_safe } - assert !safe_join(array, "-").html_safe? - end - - test "Joining is unsafe if any element is unsafe even with a safe separator" do - array = 5.times.collect { "some string".html_safe } - array << "some string" - assert !safe_join(array, "-".html_safe).html_safe? - end - - test "Joining is unsafe if any element is unsafe and no separator is given" do - array = 5.times.collect { "some string".html_safe } - array << "some string" - assert !safe_join(array).html_safe? - end - - test "Joining is unsafe if any element is unsafe and the separator is unsafe" do - array = 5.times.collect { "some string".html_safe } - array << "some string" - assert !safe_join(array, "-").html_safe? - end - -end
\ No newline at end of file diff --git a/actionpack/test/template/raw_output_helper_test.rb b/actionpack/test/template/raw_output_helper_test.rb new file mode 100644 index 0000000000..598aa5b1d8 --- /dev/null +++ b/actionpack/test/template/raw_output_helper_test.rb @@ -0,0 +1,21 @@ +require 'abstract_unit' +require 'testing_sandbox' + +class RawOutputHelperTest < ActionView::TestCase + tests ActionView::Helpers::RawOutputHelper + include TestingSandbox + + def setup + @string = "hello" + end + + test "raw returns the safe string" do + result = raw(@string) + assert_equal @string, result + assert result.html_safe? + end + + test "raw handles nil values correctly" do + assert_equal "", raw(nil) + end +end
\ No newline at end of file |