Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fixed that link_to with an href of # when using :method will not allo…
…w for click-through without JavaScript (closes #7037) [stevenbristol/josh]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7096 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information
dhh committed Jun 23, 2007
1 parent 4766f52 commit 4de8c63
Show file tree
Hide file tree
Showing 3 changed files with 28 additions and 9 deletions.
2 changes: 2 additions & 0 deletions actionpack/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*

* Fixed that link_to with an href of # when using :method will not allow for click-through without JavaScript #7037 [stevenbristol/josh]

* Fixed that radio_button_tag should generate unique ids #3353 [BobSilva/rebecca/josh]

* Fixed that HTTP authentication should work if the header is called REDIRECT_X_HTTP_AUTHORIZATION as well #6754 [mislaw]
Expand Down
28 changes: 19 additions & 9 deletions actionpack/lib/action_view/helpers/url_helper.rb
Expand Up @@ -107,6 +107,12 @@ def url_for(options = {})
# for post?, delete? or put?.
# * The +html_options+ will accept a hash of html attributes for the link tag.
#
# Note that if the user has JavaScript disabled, the request will fall back
# to using GET. If :href=>'#' is used and the user has JavaScript disabled
# clicking the link will have no effect. If you are relying on the POST
# behavior, your should check for it in your controllers action by using the
# request objects methods for post?, delete? or put?.
#
# You can mix and match the +html_options+ with the exception of
# :popup and :method which will raise an ActionView::ActionViewError
# exception.
Expand All @@ -127,16 +133,19 @@ def url_for(options = {})
# var m = document.createElement('input'); m.setAttribute('type', 'hidden'); m.setAttribute('name', '_method');
# m.setAttribute('value', 'delete'); f.appendChild(m);f.submit(); };return false;">Delete Image</a>
def link_to(name, options = {}, html_options = nil)
url = options.is_a?(String) ? options : self.url_for(options)

if html_options
html_options = html_options.stringify_keys
convert_options_to_javascript!(html_options)
href = html_options['href']
convert_options_to_javascript!(html_options, url)
tag_options = tag_options(html_options)
else
tag_options = nil
end

url = options.is_a?(String) ? options : self.url_for(options)
"<a href=\"#{url}\"#{tag_options}>#{name || url}</a>"
href_attr = "href=\"#{url}\"" unless href
"<a #{href_attr}#{tag_options}>#{name || url}</a>"
end

# Generates a form containing a single button that submits to the URL created
Expand Down Expand Up @@ -420,10 +429,10 @@ def current_page?(options)
end

private
def convert_options_to_javascript!(html_options)
def convert_options_to_javascript!(html_options, url = '')
confirm, popup = html_options.delete("confirm"), html_options.delete("popup")

method = html_options.delete("method")
method, href = html_options.delete("method"), html_options['href']

html_options["onclick"] = case
when popup && method
Expand All @@ -435,7 +444,7 @@ def convert_options_to_javascript!(html_options)
when confirm
"return #{confirm_javascript_function(confirm)};"
when method
"#{method_javascript_function(method)}return false;"
"#{method_javascript_function(method, url, href)}return false;"
when popup
popup_javascript_function(popup) + 'return false;'
else
Expand All @@ -451,10 +460,11 @@ def popup_javascript_function(popup)
popup.is_a?(Array) ? "window.open(this.href,'#{popup.first}','#{popup.last}');" : "window.open(this.href);"
end

def method_javascript_function(method)
def method_javascript_function(method, url = '', href = nil)
action = (href && url.size > 0) ? "'#{url}'" : 'this.href'
submit_function =
"var f = document.createElement('form'); f.style.display = 'none'; " +
"this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;"
"this.parentNode.appendChild(f); f.method = 'POST'; f.action = #{action};"

unless method == :post
submit_function << "var m = document.createElement('input'); m.setAttribute('type', 'hidden'); "
Expand Down
7 changes: 7 additions & 0 deletions actionpack/test/template/url_helper_test.rb
Expand Up @@ -158,6 +158,13 @@ def test_link_tag_using_delete_javascript
)
end

def test_link_tag_using_delete_javascript_and_href
assert_dom_equal(
"<a href='\#' onclick=\"var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = 'http://www.example.com';var m = document.createElement('input'); m.setAttribute('type', 'hidden'); m.setAttribute('name', '_method'); m.setAttribute('value', 'delete'); f.appendChild(m);f.submit();return false;\">Destroy</a>",
link_to("Destroy", "http://www.example.com", :method => :delete, :href => '#')
)
end

def test_link_tag_using_post_javascript_and_confirm
assert_dom_equal(
"<a href=\"http://www.example.com\" onclick=\"if (confirm('Are you serious?')) { var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;f.submit(); };return false;\">Hello</a>",
Expand Down

0 comments on commit 4de8c63

Please sign in to comment.