Permalink
Browse files

Add `:escape` option for `truncate`

This options can be used to not escape the result by default.
  • Loading branch information...
rafaelfranca committed May 26, 2012
1 parent eedc513 commit 2c2b0beaf46c997773b9adc8ef9ff57547a770a3
View
@@ -1,5 +1,10 @@
## Rails 4.0.0 (unreleased) ##
+* `truncate` now always returns an escaped HTMl-safe string. The option `:escape` can be used as
+ false to not escape the result.
+
+ *Li Ellis Gallardo + Rafael Mendonça França*
+
* `truncate` now accepts a block to show extra content when the text is truncated. *Li Ellis Gallardo*
* Add `week_field`, `week_field_tag`, `month_field`, `month_field_tag`, `datetime_local_field`,
@@ -64,7 +64,9 @@ def safe_concat(string)
#
# Pass a block if you want to show extra content when the text is truncated.
#
- # The result is marked as HTML-safe, but the it is escaped first.
+ # The result is marked as HTML-safe, but it is escaped by default, unless <tt>:escape</tt> is
+ # +false+. Care should be taken if +text+ contains HTML tags or entities, because truncation
+ # may produce invalid HTML (such as unbalanced or incomplete tags).
#
# truncate("Once upon a time in a world far far away")
# # => "Once upon a time in a world..."
@@ -87,7 +89,8 @@ def truncate(text, options = {}, &block)
if text
length = options.fetch(:length, 30)
- content = ERB::Util.html_escape(text.truncate(length, options))
+ content = text.truncate(length, options)
+ content = options[:escape] == false ? content.html_safe : ERB::Util.html_escape(content)
content << capture(&block) if block_given? && text.length > length
content
end
@@ -119,6 +119,15 @@ def test_truncate_should_escape_the_input
assert_equal "Hello &lt;sc...", truncate("Hello <script>code!</script>World!!", :length => 12)
end
+ def test_truncate_should_not_escape_the_input_with_escape_false
+ assert_equal "Hello <sc...", truncate("Hello <script>code!</script>World!!", :length => 12, :escape => false)
+ end
+
+ def test_truncate_with_escape_false_should_be_html_safe
+ truncated = truncate("Hello <script>code!</script>World!!", :length => 12, :escape => false)
+ assert truncated.html_safe?
+ end
+
def test_truncate_with_block_should_be_html_safe
truncated = truncate("Here's a long test and I need a continue to read link", :length => 27) { link_to 'Continue', '#' }
assert truncated.html_safe?
@@ -129,6 +138,16 @@ def test_truncate_with_block_should_escape_the_input
truncate("<script>code!</script>Here's a long test and I need a continue to read link", :length => 27) { link_to 'Continue', '#' }
end
+ def test_truncate_with_block_should_not_escape_the_input_with_escape_false
+ assert_equal "<script>code!</script>He...<a href=\"#\">Continue</a>",
+ truncate("<script>code!</script>Here's a long test and I need a continue to read link", :length => 27, :escape => false) { link_to 'Continue', '#' }
+ end
+
+ def test_truncate_with_block_with_escape_false_should_be_html_safe
+ truncated = truncate("<script>code!</script>Here's a long test and I need a continue to read link", :length => 27, :escape => false) { link_to 'Continue', '#' }
+ assert truncated.html_safe?
+ end
+
def test_truncate_with_block_should_escape_the_block
assert_equal "Here's a long test and I...&lt;script&gt;alert('foo');&lt;/script&gt;",
truncate("Here's a long test and I need a continue to read link", :length => 27) { "<script>alert('foo');</script>" }

0 comments on commit 2c2b0be

Please sign in to comment.