don't escape options in option_html_attributes method

we don't need to escape values in this method as we pass these html attributes to `tag_options` method that handle escaping as well. it fixes the case when we want to pass html5 data options
rails · Jul 22, 2012 · dacbcbe · dacbcbe
1 parent 98f4aee
commit dacbcbe
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 8 deletions.
diff --git a/actionpack/lib/action_view/helpers/form_options_helper.rb b/actionpack/lib/action_view/helpers/form_options_helper.rb
@@ -711,7 +711,7 @@ def collection_check_boxes(object, method, collection, value_method, text_method
         def option_html_attributes(element)
           return {} unless Array === element
 
-          Hash[element.select { |e| Hash === e }.reduce({}, :merge).map { |k, v| [k, ERB::Util.html_escape(v.to_s)] }]
+          Hash[element.select { |e| Hash === e }.reduce({}, :merge).map { |k, v| [k, v] }]
         end
 
         def option_text_and_value(option)

diff --git a/actionpack/test/template/form_options_helper_test.rb b/actionpack/test/template/form_options_helper_test.rb
@@ -1130,6 +1130,13 @@ def test_options_for_select_with_element_attributes
     )
   end
 
+  def test_options_for_select_with_data_element
+    assert_dom_equal(
+      "<option value=\"&lt;Denmark&gt;\" data-test=\"bold\">&lt;Denmark&gt;</option>",
+      options_for_select([ [ "<Denmark>", { :data => { :test => 'bold' } } ] ])
+    )
+  end
+
   def test_options_for_select_with_element_attributes_and_selection
     assert_dom_equal(
       "<option value=\"&lt;Denmark&gt;\">&lt;Denmark&gt;</option>\n<option value=\"USA\" class=\"bold\" selected=\"selected\">USA</option>\n<option value=\"Sweden\">Sweden</option>",
@@ -1144,6 +1151,13 @@ def test_options_for_select_with_element_attributes_and_selection_array
     )
   end
 
+  def test_options_for_select_with_special_characters
+    assert_dom_equal(
+      "<option value=\"&lt;Denmark&gt;\" onclick=\"alert(&quot;&lt;code&gt;&quot;)\">&lt;Denmark&gt;</option>",
+      options_for_select([ [ "<Denmark>", { :onclick => %(alert("<code>")) } ] ])
+    )
+  end
+
   def test_option_html_attributes_from_without_hash
     assert_equal(
       {},
@@ -1172,13 +1186,6 @@ def test_option_html_attributes_with_multiple_hashes
     )
   end
 
-  def test_option_html_attributes_with_special_characters
-    assert_equal(
-      {:onclick => "alert(&quot;&lt;code&gt;&quot;)"},
-      option_html_attributes([ 'foo', 'bar', { :onclick => %(alert("<code>")) } ])
-    )
-  end
-
   def test_grouped_collection_select
     @post = Post.new
     @post.origin = 'dk'