require 'active_support/core_ext/string/output_safety' require 'set' module ActionView # = Action View Tag Helpers module Helpers #:nodoc: # Provides methods to generate HTML tags programmatically both as a modern # HTML5 compliant builder style and legacy XHTML compliant tags. module TagHelper extend ActiveSupport::Concern include CaptureHelper include OutputSafetyHelper BOOLEAN_ATTRIBUTES = %w(disabled readonly multiple checked autobuffer autoplay controls loop selected hidden scoped async defer reversed ismap seamless muted required autofocus novalidate formnovalidate open pubdate itemscope allowfullscreen default inert sortable truespeed typemustmatch).to_set BOOLEAN_ATTRIBUTES.merge(BOOLEAN_ATTRIBUTES.map(&:to_sym)) TAG_PREFIXES = ['aria', 'data', :aria, :data].to_set PRE_CONTENT_STRINGS = Hash.new { "".freeze } PRE_CONTENT_STRINGS[:textarea] = "\n" PRE_CONTENT_STRINGS["textarea"] = "\n" class TagBuilder #:nodoc: include CaptureHelper include OutputSafetyHelper VOID_ELEMENTS = %i(base br col embed hr img input keygen link meta param source track wbr).to_set def initialize(view_context) @view_context = view_context end def tag_string(name, content = nil, escape_attributes: true, **options, &block) content = @view_context.capture(self, &block) if block_given? if VOID_ELEMENTS.include?(name) && content.nil? "<#{name.to_s.dasherize}#{tag_options(options, escape_attributes)}>".html_safe else content_tag_string(name.to_s.dasherize, content || ''.freeze, options, escape_attributes) end end def content_tag_string(name, content, options, escape = true) tag_options = tag_options(options, escape) if options content = ERB::Util.unwrapped_html_escape(content) if escape "<#{name}#{tag_options}>#{PRE_CONTENT_STRINGS[name]}#{content}".html_safe end def tag_options(options, escape = true) return if options.blank? output = "" sep = " ".freeze options.each_pair do |key, value| if TAG_PREFIXES.include?(key) && value.is_a?(Hash) value.each_pair do |k, v| next if v.nil? output << sep output << prefix_tag_option(key, k, v, escape) end elsif BOOLEAN_ATTRIBUTES.include?(key) if value output << sep output << boolean_tag_option(key) end elsif !value.nil? output << sep output << tag_option(key, value, escape) end end output unless output.empty? end def boolean_tag_option(key) %(#{key}="#{key}") end def tag_option(key, value, escape) if value.is_a?(Array) value = escape ? safe_join(value, " ".freeze) : value.join(" ".freeze) else value = escape ? ERB::Util.unwrapped_html_escape(value) : value end %(#{key}="#{value}") end private def prefix_tag_option(prefix, key, value, escape) key = "#{prefix}-#{key.to_s.dasherize}" unless value.is_a?(String) || value.is_a?(Symbol) || value.is_a?(BigDecimal) value = value.to_json end tag_option(key, value, escape) end def respond_to_missing?(*args) true end def method_missing(called, *args, &block) tag_string(called, *args, &block) end end # Returns an HTML tag. # # === Building HTML tags # Builds HTML5 compliant tags with a tag proxy. Every tag can be built with: # # tag.(optional content, options) # # where tag name can be e.g. br, div, section, article, or any tag really. # # ==== Passing content # Tags can pass content to embed within it: # # tag.h1 'All shit fit to print' # =>

All shit fit to print

# # tag.div tag.p('Hello world!') # =>

Hello world!

# # Content can also be captured with a block. Great for ERB templates: # # <%= tag.p do %> # The next great American novel starts here. # <% end %> # # =>

The next great American novel starts here.

# # ==== Options # Any passed options becomes attributes on the generated tag. # # tag.section class: %w( kitties puppies ) # # =>
# # tag.section id: dom_id(@post) # # =>
# # Pass true for any attributes that can render with no values like +disabled+. # # tag.input type: 'text', disabled: true # # => # # HTML5 data-* attributes can be set with a single +data+ key # pointing to a hash of sub-attributes. # # To play nicely with JavaScript conventions sub-attributes are dasherized. # # tag.article data: { user_id: 123 } # # =>
# # Thus data-user-id can be accessed as dataset.userId. # # Data attribute values are encoded to JSON, with the exception of strings, symbols and # BigDecimals. # This may come in handy when using jQuery's HTML5-aware .data() # from 1.4.3. # # tag.div data: { city_state: %w( Chigaco IL ) } # # =>
# # The generated attributes are escaped by default, but it can be turned off with # +escape_attributes+. # # tag.img src: 'open & shut.png' # # => # # tag.img src: 'open & shut.png', escape_attributes: false # # => # # The tag builder respects # [HTML5 void elements](https://www.w3.org/TR/html5/syntax.html#void-elements) # if no content is passed, and omits closing tags for those elements. # # # A standard element: # tag.div # =>
# # # A void element: # tag.br # =>
# # === Legacy syntax # Following format is legacy syntax. It will be deprecated in future versions of rails. # # tag(tag_name, options) # # === Building HTML tags # Returns an empty HTML tag of type +name+ which by default is XHTML # compliant. Set +open+ to true to create an open tag compatible # with HTML 4.0 and below. Add HTML attributes by passing an attributes # hash to +options+. Set +escape+ to false to disable attribute value # escaping. # # ==== Options # You can use symbols or strings for the attribute names. # # Use +true+ with boolean attributes that can render with no value, like # +disabled+ and +readonly+. # # HTML5 data-* attributes can be set with a single +data+ key # pointing to a hash of sub-attributes. # # To play nicely with JavaScript conventions sub-attributes are dasherized. # For example, a key +user_id+ would render as data-user-id and # thus accessed as dataset.userId. # # Values are encoded to JSON, with the exception of strings, symbols and # BigDecimals. # This may come in handy when using jQuery's HTML5-aware .data() # from 1.4.3. # # ==== Examples # tag("br") # # =>
# # tag("br", nil, true) # # =>
# # tag("input", type: 'text', disabled: true) # # => # # tag("input", type: 'text', class: ["strong", "highlight"]) # # => # # tag("img", src: "open & shut.png") # # => # # tag("img", {src: "open & shut.png"}, false, false) # # => # # tag("div", data: {name: 'Stephen', city_state: %w(Chicago IL)}) # # =>
def tag(name = nil, options = nil, open = false, escape = true) if name.nil? tag_builder else "<#{name}#{tag_builder.tag_options(options, escape) if options}#{open ? ">" : " />"}".html_safe end end # Returns an HTML block tag of type +name+ surrounding the +content+. Add # HTML attributes by passing an attributes hash to +options+. # Instead of passing the content as an argument, you can also use a block # in which case, you pass your +options+ as the second parameter. # Set escape to false to disable attribute value escaping. # Note: this is legacy syntax, see +tag+ method description for details. # # ==== Options # The +options+ hash can be used with attributes with no value like (disabled and # readonly), which you can give a value of true in the +options+ hash. You can use # symbols or strings for the attribute names. # # ==== Examples # content_tag(:p, "Hello world!") # # =>

Hello world!

# content_tag(:div, content_tag(:p, "Hello world!"), class: "strong") # # =>

Hello world!

# content_tag(:div, "Hello world!", class: ["strong", "highlight"]) # # =>
Hello world!
# content_tag("select", options, multiple: true) # # => # # <%= content_tag :div, class: "strong" do -%> # Hello world! # <% end -%> # # =>
Hello world!
def content_tag(name, content_or_options_with_block = nil, options = nil, escape = true, &block) if block_given? options = content_or_options_with_block if content_or_options_with_block.is_a?(Hash) tag_builder.content_tag_string(name, capture(&block), options, escape) else tag_builder.content_tag_string(name, content_or_options_with_block, options, escape) end end # Returns a CDATA section with the given +content+. CDATA sections # are used to escape blocks of text containing characters which would # otherwise be recognized as markup. CDATA sections begin with the string # and end with (and may not contain) the string ]]>. # # cdata_section("") # # => ]]> # # cdata_section(File.read("hello_world.txt")) # # => # # cdata_section("hello]]>world") # # => world]]> def cdata_section(content) splitted = content.to_s.gsub(/\]\]\>/, ']]]]>') "".html_safe end # Returns an escaped version of +html+ without affecting existing escaped entities. # # escape_once("1 < 2 & 3") # # => "1 < 2 & 3" # # escape_once("<< Accept & Checkout") # # => "<< Accept & Checkout" def escape_once(html) ERB::Util.html_escape_once(html) end private def tag_builder @tag_builder ||= TagBuilder.new(self) end end end end