Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Removed Array#safe_join in AS core_ext and moved it to a view helper …

…with the same same. This also changes how safe_join works, if items or the separator are not html_safe they are html_escape'd, a html_safe string is always returned.

Signed-off-by: José Valim <jose.valim@gmail.com>
  • Loading branch information...
commit 1814298d7590988d354955efdb0bc495b359293b 1 parent 89a5f14
@joshk joshk authored josevalim committed
View
4 actionpack/lib/action_view/helpers.rb
@@ -18,7 +18,7 @@ module Helpers #:nodoc:
autoload :JavaScriptHelper, "action_view/helpers/javascript_helper"
autoload :NumberHelper
autoload :PrototypeHelper
- autoload :RawOutputHelper
+ autoload :OutputSafetyHelper
autoload :RecordTagHelper
autoload :SanitizeHelper
autoload :ScriptaculousHelper
@@ -48,7 +48,7 @@ module Helpers #:nodoc:
include JavaScriptHelper
include NumberHelper
include PrototypeHelper
- include RawOutputHelper
+ include OutputSafetyHelper
include RecordTagHelper
include SanitizeHelper
include ScriptaculousHelper
View
38 actionpack/lib/action_view/helpers/output_safety_helper.rb
@@ -0,0 +1,38 @@
+require 'active_support/core_ext/string/output_safety'
+
+module ActionView #:nodoc:
+ # = Action View Raw Output Helper
+ module Helpers #:nodoc:
+ module OutputSafetyHelper
+ # This method outputs without escaping a string. Since escaping tags is
+ # now default, this can be used when you don't want Rails to automatically
+ # escape tags. This is not recommended if the data is coming from the user's
+ # input.
+ #
+ # For example:
+ #
+ # <%=raw @user.name %>
+ def raw(stringish)
+ stringish.to_s.html_safe
+ end
+
+ # This method returns a html safe string similar to what <tt>Array#join</tt>
+ # would return. All items in the array, including the supplied separator, are
+ # html escaped unless they are html safe, and the returned string is marked
+ # as html safe.
+ #
+ # safe_join(["<p>foo</p>".html_safe, "<p>bar</p>"], "<br />")
+ # # => "<p>foo</p>&lt;br /&gt;&lt;p&gt;bar&lt;/p&gt;"
+ #
+ # safe_join(["<p>foo</p>".html_safe, "<p>bar</p>".html_safe], "<br />".html_safe)
+ # # => "<p>foo</p><br /><p>bar</p>"
+ #
+ def safe_join(array, sep=$,)
+ sep ||= "".html_safe
+ sep = ERB::Util.html_escape(sep)
+
+ array.map { |i| ERB::Util.html_escape(i) }.join(sep).html_safe
+ end
+ end
+ end
+end
View
18 actionpack/lib/action_view/helpers/raw_output_helper.rb
@@ -1,18 +0,0 @@
-module ActionView #:nodoc:
- # = Action View Raw Output Helper
- module Helpers #:nodoc:
- module RawOutputHelper
- # This method outputs without escaping a string. Since escaping tags is
- # now default, this can be used when you don't want Rails to automatically
- # escape tags. This is not recommended if the data is coming from the user's
- # input.
- #
- # For example:
- #
- # <%=raw @user.name %>
- def raw(stringish)
- stringish.to_s.html_safe
- end
- end
- end
-end
View
30 actionpack/test/template/output_safety_helper_test.rb
@@ -0,0 +1,30 @@
+require 'abstract_unit'
+require 'testing_sandbox'
+
+class OutputSafetyHelperTest < ActionView::TestCase
+ tests ActionView::Helpers::OutputSafetyHelper
+ include TestingSandbox
+
+ def setup
+ @string = "hello"
+ end
+
+ test "raw returns the safe string" do
+ result = raw(@string)
+ assert_equal @string, result
+ assert result.html_safe?
+ end
+
+ test "raw handles nil values correctly" do
+ assert_equal "", raw(nil)
+ end
+
+ test "safe_join should html_escape any items, including the separator, if they are not html_safe" do
+ joined = safe_join(["<p>foo</p>".html_safe, "<p>bar</p>"], "<br />")
+ assert_equal "<p>foo</p>&lt;br /&gt;&lt;p&gt;bar&lt;/p&gt;", joined
+
+ joined = safe_join(["<p>foo</p>".html_safe, "<p>bar</p>".html_safe], "<br />".html_safe)
+ assert_equal "<p>foo</p><br /><p>bar</p>", joined
+ end
+
+end
View
21 actionpack/test/template/raw_output_helper_test.rb
@@ -1,21 +0,0 @@
-require 'abstract_unit'
-require 'testing_sandbox'
-
-class RawOutputHelperTest < ActionView::TestCase
- tests ActionView::Helpers::RawOutputHelper
- include TestingSandbox
-
- def setup
- @string = "hello"
- end
-
- test "raw returns the safe string" do
- result = raw(@string)
- assert_equal @string, result
- assert result.html_safe?
- end
-
- test "raw handles nil values correctly" do
- assert_equal "", raw(nil)
- end
-end
View
31 activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -122,34 +122,3 @@ def html_safe
ActiveSupport::SafeBuffer.new(self)
end
end
-
-class Array
- # If the separator and all the items in the array are html safe
- # then an html safe string is returned using <tt>Array#join</tt>,
- # otherwise the result of <tt>Array#join</tt> is returned without
- # marking it as html safe.
- #
- # ["Mr", "Bojangles"].join.html_safe?
- # # => false
- #
- # ["Mr".html_safe, "Bojangles".html_safe].join.html_safe?
- # # => true
- #
- def safe_join(sep=$,)
- sep ||= "".html_safe
- str = join(sep)
- (sep.html_safe? && html_safe?) ? str.html_safe : str
- end
-
- # Returns +true+ if all items in the array are html safe.
- #
- # [""].html_safe?
- # # => false
- #
- # ["".html_safe].html_safe?
- # # => true
- #
- def html_safe?
- detect { |e| !e.html_safe? }.nil?
- end
-end
View
44 activesupport/test/core_ext/string_ext_test.rb
@@ -434,50 +434,6 @@ def to_s
assert string.html_safe?
end
- test "Joining safe elements without a separator is safe" do
- array = 5.times.collect { "some string".html_safe }
- assert array.safe_join.html_safe?
- end
-
- test "Joining safe elements with a safe separator is safe" do
- array = 5.times.collect { "some string".html_safe }
- assert array.safe_join("-".html_safe).html_safe?
- end
-
- test "Joining safe elements with an unsafe separator is unsafe" do
- array = 5.times.collect { "some string".html_safe }
- assert !array.safe_join("-").html_safe?
- end
-
- test "Joining is unsafe if any element is unsafe even with a safe separator" do
- array = 5.times.collect { "some string".html_safe }
- array << "some string"
- assert !array.safe_join("-".html_safe).html_safe?
- end
-
- test "Joining is unsafe if any element is unsafe and no separator is given" do
- array = 5.times.collect { "some string".html_safe }
- array << "some string"
- assert !array.safe_join.html_safe?
- end
-
- test "Joining is unsafe if any element is unsafe and the separator is unsafe" do
- array = 5.times.collect { "some string".html_safe }
- array << "some string"
- assert !array.safe_join("-").html_safe?
- end
-
- test "Array is safe if all elements are safe" do
- array = 5.times.collect { "some string".html_safe }
- assert array.html_safe?
- end
-
- test "Array is unsafe if any element is unsafe" do
- array = 5.times.collect { "some string".html_safe }
- array << "some string"
- assert !array.html_safe?
- end
-
test 'emits normal string yaml' do
assert_equal 'foo'.to_yaml, 'foo'.html_safe.to_yaml(:foo => 1)
end
Please sign in to comment.
Something went wrong with that request. Please try again.