rails--rails/actionview/lib/action_view/helpers/output_safety_helper.rb

require 'active_support/core_ext/string/output_safety'

module ActionView #:nodoc:
  # = Action View Raw Output Helper
  module Helpers #:nodoc:
    module OutputSafetyHelper
      # This method outputs without escaping a string. Since escaping tags is
      # now default, this can be used when you don't want Rails to automatically
      # escape tags. This is not recommended if the data is coming from the user's
      # input.
      #
      # For example:
      #
      #  raw @user.name
      #  # => 'Jimmy <alert>Tables</alert>'
      def raw(stringish)
        stringish.to_s.html_safe
      end

      # This method returns a html safe string similar to what <tt>Array#join</tt>
      # would return. All items in the array, including the supplied separator, are
      # html escaped unless they are html safe, and the returned string is marked
      # as html safe.
      #
      #   safe_join(["<p>foo</p>".html_safe, "<p>bar</p>"], "<br />")
      #   # => "<p>foo</p>&lt;br /&gt;&lt;p&gt;bar&lt;/p&gt;"
      #
      #   safe_join(["<p>foo</p>".html_safe, "<p>bar</p>".html_safe], "<br />".html_safe)
      #   # => "<p>foo</p><br /><p>bar</p>"
      #
      def safe_join(array, sep=$,)
        sep = ERB::Util.html_escape(sep)

        array.map { |i| ERB::Util.html_escape(i) }.join(sep).html_safe
      end
    end
  end
end
Removed Array#safe_join in AS core_ext and moved it to a view helper with the same same. This also changes how safe_join works, if items or the separator are not html_safe they are html_escape'd, a html_safe string is always returned. Signed-off-by: José Valim <jose.valim@gmail.com> 2011-02-10 10:45:39 -05:00			`require 'active_support/core_ext/string/output_safety'`

			`module ActionView #:nodoc:`
			`# = Action View Raw Output Helper`
			`module Helpers #:nodoc:`
			`module OutputSafetyHelper`
			`# This method outputs without escaping a string. Since escaping tags is`
			`# now default, this can be used when you don't want Rails to automatically`
			`# escape tags. This is not recommended if the data is coming from the user's`
			`# input.`
			`#`
			`# For example:`
			`#`
Cleans documentation from Helpers [ci skip] 2012-12-01 14:38:07 -05:00			`# raw @user.name`
			`# # => 'Jimmy <alert>Tables</alert>'`
Removed Array#safe_join in AS core_ext and moved it to a view helper with the same same. This also changes how safe_join works, if items or the separator are not html_safe they are html_escape'd, a html_safe string is always returned. Signed-off-by: José Valim <jose.valim@gmail.com> 2011-02-10 10:45:39 -05:00			`def raw(stringish)`
			`stringish.to_s.html_safe`
			`end`

			`# This method returns a html safe string similar to what <tt>Array#join</tt>`
			`# would return. All items in the array, including the supplied separator, are`
			`# html escaped unless they are html safe, and the returned string is marked`
			`# as html safe.`
			`#`
			`# safe_join(["<p>foo</p>".html_safe, "<p>bar</p>"], "<br />")`
			`# # => "<p>foo</p><br /><p>bar</p>"`
			`#`
			`# safe_join(["<p>foo</p>".html_safe, "<p>bar</p>".html_safe], "<br />".html_safe)`
			`# # => "<p>foo</p><br /><p>bar</p>"`
			`#`
			`def safe_join(array, sep=$,)`
html_escape already handles nil 2012-01-11 20:49:15 -05:00			`sep = ERB::Util.html_escape(sep)`
Removed Array#safe_join in AS core_ext and moved it to a view helper with the same same. This also changes how safe_join works, if items or the separator are not html_safe they are html_escape'd, a html_safe string is always returned. Signed-off-by: José Valim <jose.valim@gmail.com> 2011-02-10 10:45:39 -05:00
			`array.map { \|i\| ERB::Util.html_escape(i) }.join(sep).html_safe`
			`end`
			`end`
			`end`
Tiny refactor 2012-01-11 17:08:43 -05:00			`end`