mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
b387d9a14a
Also changed usage of html_safe to make use of raw() instead so that the intended behaviour is verified with raw()
38 lines
1.3 KiB
Ruby
38 lines
1.3 KiB
Ruby
require 'active_support/core_ext/string/output_safety'
|
|
|
|
module ActionView #:nodoc:
|
|
# = Action View Raw Output Helper
|
|
module Helpers #:nodoc:
|
|
module OutputSafetyHelper
|
|
# This method outputs without escaping a string. Since escaping tags is
|
|
# now default, this can be used when you don't want Rails to automatically
|
|
# escape tags. This is not recommended if the data is coming from the user's
|
|
# input.
|
|
#
|
|
# For example:
|
|
#
|
|
# raw @user.name
|
|
# # => 'Jimmy <alert>Tables</alert>'
|
|
def raw(stringish)
|
|
stringish.to_s.html_safe
|
|
end
|
|
|
|
# This method returns an HTML safe string similar to what <tt>Array#join</tt>
|
|
# would return. The array is flattened, and all items, including
|
|
# the supplied separator, are HTML escaped unless they are HTML
|
|
# safe, and the returned string is marked as HTML safe.
|
|
#
|
|
# safe_join([raw("<p>foo</p>"), "<p>bar</p>"], "<br />")
|
|
# # => "<p>foo</p><br /><p>bar</p>"
|
|
#
|
|
# safe_join([raw("<p>foo</p>"), raw("<p>bar</p>")], raw("<br />")
|
|
# # => "<p>foo</p><br /><p>bar</p>"
|
|
#
|
|
def safe_join(array, sep=$,)
|
|
sep = ERB::Util.unwrapped_html_escape(sep)
|
|
|
|
array.flatten.map! { |i| ERB::Util.unwrapped_html_escape(i) }.join(sep).html_safe
|
|
end
|
|
end
|
|
end
|
|
end
|