Simplify link_to using content_tag

Add some tests for link_to with blocks and escaping content.
rails · May 31, 2012 · e2f5f01 · e2f5f01
1 parent b6eb22c
commit e2f5f01
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 12 deletions.
diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -234,20 +234,14 @@ def url_for(options = nil)
       #   link_to("Destroy", "http://www.example.com", :method => :delete, :confirm => "Are you sure?")
       #   # => <a href='http://www.example.com' rel="nofollow" data-method="delete" data-confirm="Are you sure?">Destroy</a>
       def link_to(name = nil, options = nil, html_options = nil, &block)
-        if block_given?
+        html_options, options = options, name if block_given?
-          html_options, options = options, name
+        options ||= {}
-          link_to(capture(&block), options, html_options)
+        url       = url_for(options)
-        else
-          options ||= {}
-          html_options = convert_options_to_data_attributes(options, html_options)
 
-          url  = url_for(options)
+        html_options = convert_options_to_data_attributes(options, html_options)
-          href = html_options['href']
+        html_options['href'] ||= url
-          tag_options = tag_options(html_options)
 
-          href_attr = "href=\"#{ERB::Util.html_escape(url)}\"" unless href
+        content_tag(:a, name || url, html_options, &block)
-          "<a #{href_attr}#{tag_options}>#{ERB::Util.html_escape(name || url)}</a>".html_safe
-        end
       end
 
       # Generates a form containing a single button that submits to the URL created

diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb
@@ -277,6 +277,16 @@ def test_link_tag_using_delete_javascript_and_href_and_confirm
     )
   end
 
+  def test_link_tag_with_block
+    assert_dom_equal '<a href="/"><span>Example site</span></a>',
+      link_to('/') { content_tag(:span, 'Example site') }
+  end
+
+  def test_link_tag_with_block_and_html_options
+    assert_dom_equal '<a class="special" href="/"><span>Example site</span></a>',
+      link_to('/', :class => "special") { content_tag(:span, 'Example site') }
+  end
+
   def test_link_tag_using_block_in_erb
     out = render_erb %{<%= link_to('/') do %>Example site<% end %>}
     assert_equal '<a href="/">Example site</a>', out
@@ -289,6 +299,16 @@ def test_link_tag_with_html_safe_string
     )
   end
 
+  def test_link_tag_escapes_content
+    assert_dom_equal '<a href="/">Malicious &lt;script&gt;content&lt;/script&gt;</a>',
+      link_to("Malicious <script>content</script>", "/")
+  end
+
+  def test_link_tag_does_not_escape_html_safe_content
+    assert_dom_equal '<a href="/">Malicious <script>content</script></a>',
+      link_to("Malicious <script>content</script>".html_safe, "/")
+  end
+
   def test_link_to_unless
     assert_equal "Showing", link_to_unless(true, "Showing", url_hash)