Commit

In actionview, eliminate calls to tag that use html_safe parameter values. This is generally unnecessary, since tag handles string quoting, except in one case (utf8_enforcer_tag) where we want to specify the encoding ourselves.
pdg137 committed Jun 13, 2014
1 parent 6071d62 commit 19af434
Showing 3 changed files with 7 additions and 8 deletions.
6 changes: 4 additions & 2 deletions actionview/lib/action_view/helpers/form_tag_helper.rb
Expand Up @@ -794,9 +794,11 @@ def range_field_tag(name, value = nil, options = {})
end

# Creates the hidden UTF8 enforcer tag. Override this method in a helper
# to customize the tag.
# to customize the tag. Note that we have the HTML written out
# explicitly here to avoid potential problems with including a
# unicode character in output.
def utf8_enforcer_tag
tag(:input, :type => "hidden", :name => "utf8", :value => "✓".html_safe)
%{<input name="utf8" type="hidden" value="&#x2713;" />}.html_safe
end

private
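Review bot: utf8_enforcer_tag now returns a hand-written HTML literal marked html_safe, so this method no longer goes through tag's attribute quoting at all, which is safe only while the string stays a constant. The added comment explains the unicode concern but not that constraint; I would extend it to say that nothing may be interpolated into the literal, since the same comment still invites helpers to override the method. A test pinning the exact output would also help, because the attribute order and the value encoding (&#x2713; instead of the raw ✓) are now fixed by hand, and no test file is among the 3 changed files.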
1 change: 0 additions & 1 deletion actionview/lib/action_view/helpers/tags/text_field.rb
Expand Up @@ -7,7 +7,6 @@ def render
options["size"] = options["maxlength"] unless options.key?("size")
options["type"] ||= field_type
options["value"] = options.fetch("value") { value_before_type_cast(object) } unless field_type == "file"
options["value"] &&= ERB::Util.html_escape(options["value"])

bughit Jul 8, 2015

Contributor

#20814

this changes how arrays are encoded in form fields

bughit Jul 9, 2015

Contributor

@rafaelfranca, why does @matthewd get to rage close this bug? His opinion was backed up by nothing (just declared) and was clearly wrong, it is not "more useful" to lose the ability to decode the array, I actually provided a coherent argument.

dhh Jul 9, 2015

Member

You were completely out of line on your tone and your indignation. I don't care what kind of bug you found, that's no justification for such antics. Nobody here owes you anything.

bughit Jul 9, 2015

Contributor

There was no indignation, the tone is your interpretation and was not intended. I simply saw a worthless opinion backed up by nothing, and stated it was wrong. If you are going to claim something is more useful then you should show how it's more useful. Otherwise it is argument by authority.

I also did not claim someone owes me something, I would have done a pull request if that's what @rafaelfranca asked.

dhh Jul 9, 2015

Member

You're clearly oblivious to your own actions. Please spend some time developing your social skills before attempting to comment on another Rails issue.

bughit Jul 9, 2015

Contributor

I see, so your team can make dismissive fallacious arguments by authority, offering nonsensical opinions backed up by nothing, and I have to gingerly tiptoe, pleading gently, so that my bug is not rage closed by them.

Ok got it, perhaps I let my annoyance show, sometimes one forgets and says what one thinks of a bad argument, know what I mean?

At no point did you address the substance, which is that it is much better to encode arrays into form field value strings in a way that allows them to be decoded. Pretty self evident, no?

dhh via email Jul 9, 2015

Member
add_default_name_and_id(options)
tag("input", options)
end
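Review bot: the removed line options["value"] &&= ERB::Util.html_escape(options["value"]) did more than escape, because html_escape also converts its argument to a String, so after this change a non-String value reaches tag("input", options) unconverted. The inline comment on that line reports exactly this for arrays (#20814). If tag's own quoting is meant to replace the escape, keep the string conversion explicit, for example options["value"] &&= options["value"].to_s, or add a test that fixes the rendered value attribute for Array and other non-String inputs.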
8 changes: 3 additions & 5 deletions actionview/lib/action_view/helpers/url_helper.rb
Expand Up @@ -462,20 +462,18 @@ def link_to_if(condition, name, options = {}, html_options = {}, &block)
# <strong>Email me:</strong> <span>me@domain.com</span>
# </a>
def mail_to(email_address, name = nil, html_options = {}, &block)
email_address = ERB::Util.unwrapped_html_escape(email_address)

html_options, name = name, nil if block_given?
html_options = (html_options || {}).stringify_keys

extras = %w{ cc bcc body subject }.map! { |item|
option = html_options.delete(item) || next
"#{item}=#{Rack::Utils.escape_path(option)}"
}.compact
extras = extras.empty? ? '' : '?' + ERB::Util.unwrapped_html_escape(extras.join('&'))
extras = extras.empty? ? '' : '?' + extras.join('&')

html_options["href"] = "mailto:#{email_address}#{extras}".html_safe
html_options["href"] = "mailto:#{email_address}#{extras}"

content_tag(:a, name || email_address.html_safe, html_options, &block)
content_tag(:a, name || email_address, html_options, &block)
end

# True if the current request URI was generated by the given +options+.
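Review bot: in mail_to the href and the link text are no longer pre-escaped or marked html_safe, so all escaping of email_address and extras now depends on content_tag escaping attribute values and content exactly once. Please add tests for an address containing characters such as ", < and &, and for a subject or body containing &, asserting that the output is escaped once (no doubled &amp;amp; and no raw quote closing the href). Also, email_address goes into the mailto: URL without the Rack::Utils.escape_path treatment that the cc, bcc, body and subject values get; if that is intentional, a comment saying so would help.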
