From dacbcbe55745aa9e5484b10b11f65ccca7db1c54 Mon Sep 17 00:00:00 2001
From: Vasiliy Ermolovich <younash@gmail.com>
Date: Sat, 21 Jul 2012 13:34:03 +0300
Subject: don't escape options in option_html_attributes method

we don't need to escape values in this method as we pass
these html attributes to `tag_options` method that handle escaping as
well.

it fixes the case when we want to pass html5 data options
---
 .../lib/action_view/helpers/form_options_helper.rb  |  2 +-
 .../test/template/form_options_helper_test.rb       | 21 ++++++++++++++-------
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/actionpack/lib/action_view/helpers/form_options_helper.rb b/actionpack/lib/action_view/helpers/form_options_helper.rb
index 72fbbd109a..c88af0355f 100644
--- a/actionpack/lib/action_view/helpers/form_options_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_options_helper.rb
@@ -711,7 +711,7 @@ module ActionView
         def option_html_attributes(element)
           return {} unless Array === element
 
-          Hash[element.select { |e| Hash === e }.reduce({}, :merge).map { |k, v| [k, ERB::Util.html_escape(v.to_s)] }]
+          Hash[element.select { |e| Hash === e }.reduce({}, :merge).map { |k, v| [k, v] }]
         end
 
         def option_text_and_value(option)
diff --git a/actionpack/test/template/form_options_helper_test.rb b/actionpack/test/template/form_options_helper_test.rb
index 2322fb0406..96d99367be 100644
--- a/actionpack/test/template/form_options_helper_test.rb
+++ b/actionpack/test/template/form_options_helper_test.rb
@@ -1130,6 +1130,13 @@ class FormOptionsHelperTest < ActionView::TestCase
     )
   end
 
+  def test_options_for_select_with_data_element
+    assert_dom_equal(
+      "<option value=\"&lt;Denmark&gt;\" data-test=\"bold\">&lt;Denmark&gt;</option>",
+      options_for_select([ [ "<Denmark>", { :data => { :test => 'bold' } } ] ])
+    )
+  end
+
   def test_options_for_select_with_element_attributes_and_selection
     assert_dom_equal(
       "<option value=\"&lt;Denmark&gt;\">&lt;Denmark&gt;</option>\n<option value=\"USA\" class=\"bold\" selected=\"selected\">USA</option>\n<option value=\"Sweden\">Sweden</option>",
@@ -1144,6 +1151,13 @@ class FormOptionsHelperTest < ActionView::TestCase
     )
   end
 
+  def test_options_for_select_with_special_characters
+    assert_dom_equal(
+      "<option value=\"&lt;Denmark&gt;\" onclick=\"alert(&quot;&lt;code&gt;&quot;)\">&lt;Denmark&gt;</option>",
+      options_for_select([ [ "<Denmark>", { :onclick => %(alert("<code>")) } ] ])
+    )
+  end
+
   def test_option_html_attributes_from_without_hash
     assert_equal(
       {},
@@ -1172,13 +1186,6 @@ class FormOptionsHelperTest < ActionView::TestCase
     )
   end
 
-  def test_option_html_attributes_with_special_characters
-    assert_equal(
-      {:onclick => "alert(&quot;&lt;code&gt;&quot;)"},
-      option_html_attributes([ 'foo', 'bar', { :onclick => %(alert("<code>")) } ])
-    )
-  end
-
   def test_grouped_collection_select
     @post = Post.new
     @post.origin = 'dk'
-- 
cgit v1.2.3