
Move escape_once logic to ERB::Util, where it belongs to

All the logic is based on the HTML_ESCAPE constant available in
ERB::Util, so it seems more logical to have the entire method there and
just have the helper delegate to it.
commit 608eddc6f5465c642bd02f5523a8e486a87020b1 1 parent 0eb4673
Carlos Antonio da Silva authored January 12, 2012
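--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -118,7 +118,7 @@ def cdata_section(content)
       #   escape_once("<< Accept & Checkout")
       #   # => "<< Accept & Checkout"
       def escape_once(html)
-        html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
+        ERB::Util.html_escape_once(html)
       end
 
       private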
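Review bot: The doc comment above `escape_once` does not say how the result is flagged. After this change the helper returns whatever `ERB::Util.html_escape_once` returns, and that method (in output_safety.rb in this commit) marks the result `html_safe` whenever the argument was. Whether the old inline `gsub` kept that flag is not visible here, so the contract is worth stating, for example `# The result is marked html_safe only when +html+ already was.` under the examples. The comment block begins above this hunk, so the rest of its wording cannot be checked from here.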
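--- a/actionpack/test/template/erb_util_test.rb
+++ b/actionpack/test/template/erb_util_test.rb
@@ -44,4 +44,18 @@ def test_rest_in_ascii
       assert_equal chr, html_escape(chr)
     end
   end
+
+  def test_html_escape_once
+    assert_equal '1 &lt; 2 &amp; 3', html_escape_once('1 < 2 &amp; 3')
+  end
+
+  def test_html_escape_once_returns_unsafe_strings_when_passed_unsafe_strings
+    value = html_escape_once('1 < 2 &amp; 3')
+    assert !value.html_safe?
+  end
+
+  def test_html_escape_once_returns_safe_strings_when_passed_safe_strings
+    value = html_escape_once('1 < 2 &amp; 3'.html_safe)
+    assert value.html_safe?
+  end
 end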
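Review bot: The three new tests feed only `<` and one existing named entity through `html_escape_once`, so the `"` branch, a bare `&`, and a numeric reference such as `&#60;` are never exercised. One more assertion in `test_html_escape_once` would pin them: `assert_equal '&quot;a&quot; &amp; &#60;', html_escape_once('"a" & &#60;')`. That expected value assumes `HTML_ESCAPE` maps `"` to `&quot;`; the constant is defined outside this page. A case with `nil` or another non-String argument would also record what the `s.html_safe?` check does for such input.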
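--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
@@ -1,5 +1,7 @@
 ## Rails 4.0.0 (unreleased) ##
 
+*    Add html_escape_once to ERB::Util, and delegate escape_once tag helper to it. *Carlos Antonio da Silva*
+
 *    Remove ActiveSupport::TestCase#pending method, use `skip` instead. *Carlos Antonio da Silva*
 
 *    Deprecates the compatibility method Module#local_constant_names,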
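--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -33,6 +33,21 @@ def html_escape(s)
     singleton_class.send(:remove_method, :html_escape)
     module_function :html_escape
 
+    # Returns an escaped version of +html+ without affecting existing escaped entities.
+    #
+    # ==== Examples
+    #   html_escape_once("1 < 2 &amp; 3")
+    #   # => "1 &lt; 2 &amp; 3"
+    #
+    #   html_escape_once("&lt;&lt; Accept & Checkout")
+    #   # => "&lt;&lt; Accept &amp; Checkout"
+    def html_escape_once(s)
+      result = s.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| HTML_ESCAPE[special] }
+      s.html_safe? ? result.html_safe : result
+    end
+
+    module_function :html_escape_once
+
     # A utility method for escaping HTML entities in JSON strings
     # using \uXXXX JavaScript escape sequences for string literals:
     #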
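Review bot: The character class in `html_escape_once` (`[\"><]`) leaves `'` untouched, so the returned string should not be interpolated into a single-quoted attribute value, and the doc comment should say so. Adding `'` to the class is only safe if `HTML_ESCAPE` has an entry for it, because the block would otherwise return nil and drop the character; the constant is defined outside this hunk. The negative lookahead accepts only alphabetic names and decimal references, so input such as `&#x3C;` or `&frac12;` is escaped a second time; `&(?!(?:[a-zA-Z][a-zA-Z0-9]*|#\d+|#[xX][0-9a-fA-F]+);)` would leave those intact and also removes the unused capture groups. The comment also refers to `+html+` while the parameter is named `s`.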
