Permalink
Browse files

Change the raw template handler to render html-safe strings

In PR #24929 the changelog was updated to make note that while the new
template handler was changed to raw this changed the behavior when
outputting plain html or js files. Previously ERB would output the files
unescaped. Changing the default handler to RAW meant that these same
files would be rendered as escaped rather than as js or html.

Because of this change in behavior and after the discussion #24949 in we
decided to change the behavior of the Raw handler to output html_safe
strings by default.

Now files rendered with the default handler (raw) render the file
unescaped.
  • Loading branch information...
eileencodes committed Jun 21, 2016
1 parent be8b2dd commit 1de0df86695f8fa2eeae6b8b46f9b53decfa6ec8
View
@@ -1,3 +1,14 @@
* Raw template handler (which is also the default template handler in Rails 5) now outputs
HTML-safe strings.
In Rails 5 the default template handler was changed to the raw template handler. Because
the ERB template handler escaped strings by default this broke some applications that
expected plain JS or HTML files to be rendered unescaped. This fixes the issue caused
by changing the default handler by changing the Raw template handler to output HTML-safe
strings.
*Eileen M. Uchitelle*
* `select_tag`'s `include_blank` option for generation for blank option tag, now adds an empty space label,
when the value as well as content for option tag are empty, so that we confirm with html specification.
Ref: https://www.w3.org/TR/html5/forms.html#the-option-element.
@@ -2,7 +2,7 @@ module ActionView
module Template::Handlers
class Raw
def call(template)
"#{template.source.inspect};"
"#{template.source.inspect}.html_safe;"
end
end
end
@@ -100,6 +100,13 @@ def test_render_raw_template_with_quotes
assert_equal %q;Here are some characters: !@#$%^&*()-="'}{`; + "\n", @view.render(:template => "plain_text_with_characters")
end
def test_render_raw_is_html_safe_and_does_not_escape_output
buffer = ActiveSupport::SafeBuffer.new
buffer << @view.render(file: "plain_text")
assert_equal true, buffer.html_safe?
assert_equal buffer, "<%= hello_world %>\n"
end
def test_render_ruby_template_with_handlers
assert_equal "Hello from Ruby code", @view.render(:template => "ruby_template")
end

0 comments on commit 1de0df8

Please sign in to comment.