kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

In actionview, eliminate calls to tag that use html_safe parameter values. This is generally unnecessary, since tag handles string quoting, except in one case (utf8_enforcer_tag) where we want to specify the encoding ourselves.

Browse source
This commit is contained in:
Paul Grayson 2014-06-13 11:08:11 -07:00
parent 6071d626e5
commit 19af434840
3 changed files with 7 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
actionview/lib/action_view/helpers/form_tag_helper.rb
View file

@ -794,9 +794,11 @@ module ActionView
end
# Creates the hidden UTF8 enforcer tag. Override this method in a helper
# to customize the tag.
# to customize the tag. Note that we have the HTML written out
# explicitly here to avoid potential problems with including a
# unicode character in output.
def utf8_enforcer_tag
tag(:input, :type => "hidden", :name => "utf8", :value => "✓".html_safe)
%{<input name="utf8" type="hidden" value="&#x2713;" />}.html_safe
end
private

1
actionview/lib/action_view/helpers/tags/text_field.rb
View file

@ -7,7 +7,6 @@ module ActionView
options["size"] = options["maxlength"] unless options.key?("size")
options["type"] ||= field_type
options["value"] = options.fetch("value") { value_before_type_cast(object) } unless field_type == "file"
options["value"] &&= ERB::Util.html_escape(options["value"])
add_default_name_and_id(options)
tag("input", options)
end

8
actionview/lib/action_view/helpers/url_helper.rb
View file

@ -462,8 +462,6 @@ module ActionView
# <strong>Email me:</strong> <span>me@domain.com</span>
# </a>
def mail_to(email_address, name = nil, html_options = {}, &block)
email_address = ERB::Util.unwrapped_html_escape(email_address)
html_options, name = name, nil if block_given?
html_options = (html_options || {}).stringify_keys
@ -471,11 +469,11 @@ module ActionView
option = html_options.delete(item) || next
"#{item}=#{Rack::Utils.escape_path(option)}"
}.compact
extras = extras.empty? ? '' : '?' + ERB::Util.unwrapped_html_escape(extras.join('&'))
extras = extras.empty? ? '' : '?' + extras.join('&')
html_options["href"] = "mailto:#{email_address}#{extras}".html_safe
html_options["href"] = "mailto:#{email_address}#{extras}"
content_tag(:a, name || email_address.html_safe, html_options, &block)
content_tag(:a, name || email_address, html_options, &block)
end
# True if the current request URI was generated by the given +options+.