From e2f5f01675f3c575e820532ab7cce6fe068ecb28 Mon Sep 17 00:00:00 2001
From: Carlos Antonio da Silva
Date: Thu, 31 May 2012 09:18:14 -0300
Subject: Simplify link_to using content_tag

Add some tests for link_to with blocks and escaping content.
---
 actionpack/lib/action_view/helpers/url_helper.rb | 18 ++++++------------
 actionpack/test/template/url_helper_test.rb | 20 ++++++++++++++++++++
 2 files changed, 26 insertions(+), 12 deletions(-)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
index 4b8106f465..7f5b3c8a0f 100644
--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -234,20 +234,14 @@ module ActionView
 # link_to("Destroy", "http://www.example.com", :method => :delete, :confirm => "Are you sure?")
 # # => Destroy
 def link_to(name = nil, options = nil, html_options = nil, &block)
- if block_given?
- html_options, options = options, name
- link_to(capture(&block), options, html_options)
- else
- options ||= {}
- html_options = convert_options_to_data_attributes(options, html_options)
+ html_options, options = options, name if block_given?
+ options ||= {}
+ url = url_for(options)

- url = url_for(options)
- href = html_options['href']
- tag_options = tag_options(html_options)
+ html_options = convert_options_to_data_attributes(options, html_options)
+ html_options['href'] ||= url

- href_attr = "href=\"#{ERB::Util.html_escape(url)}\"" unless href
- "#{ERB::Util.html_escape(name || url)}".html_safe
- end
+ content_tag(:a, name || url, html_options, &block)
 end

 # Generates a form containing a single button that submits to the URL created
diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb
index 365a86ab91..62608a727f 100644
--- a/actionpack/test/template/url_helper_test.rb
+++ b/actionpack/test/template/url_helper_test.rb
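Review bot: In the new `link_to` in url_helper.rb, the block form still passes `name` as the second argument of `content_tag`, and after the swap `name` holds the caller's URL options. As far as I know, `content_tag` treats a Hash in that position as the tag's attributes when a block is given, so a call with a hash URL and a block would emit the routing hash as HTML attributes and drop `html_options` together with the computed `href`; confirm this against tag_helper.rb. Passing no content in the block case avoids it: `content_tag(:a, block_given? ? nil : (name || url), html_options, &block)`. The block tests added in url_helper_test.rb use only the string URL `'/'`, so they would not catch this, and a case with a hash URL plus a block is worth adding.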
@@ -277,6 +277,16 @@ class UrlHelperTest < ActiveSupport::TestCase
 )
 end

+ def test_link_tag_with_block
+ assert_dom_equal 'Example site',
+ link_to('/') { content_tag(:span, 'Example site') }
+ end
+
+ def test_link_tag_with_block_and_html_options
+ assert_dom_equal 'Example site',
+ link_to('/', :class => "special") { content_tag(:span, 'Example site') }
+ end
+
 def test_link_tag_using_block_in_erb
 out = render_erb %{<%= link_to('/') do %>Example site<% end %>}
 assert_equal 'Example site', out
@@ -289,6 +299,16 @@ class UrlHelperTest < ActiveSupport::TestCase
 )
 end

+ def test_link_tag_escapes_content
+ assert_dom_equal 'Malicious <script>content</script>',
+ link_to("Malicious ", "/")
+ end
+
+ def test_link_tag_does_not_escape_html_safe_content
+ assert_dom_equal 'Malicious ',
+ link_to("Malicious ".html_safe, "/")
+ end
+
 def test_link_to_unless
 assert_equal "Showing",
 link_to_unless(true, "Showing", url_hash)
--
cgit v1.2.3
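Review bot: The two escaping tests in the second url_helper_test.rb hunk exercise only the `name` argument, so nothing pins that a non-html_safe string returned from a block is escaped now that the block is handed to `content_tag`. A case such as `link_to('/') { "<b>x</b>" }`, asserted to render the escaped text, would cover that path. The `href` value also lost its explicit `ERB::Util.html_escape(url)` in this commit and now depends on `content_tag`'s attribute escaping. A URL containing `&` or a double quote deserves a regression test, unless the file already has one outside these hunks.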