Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

don't escape options in option_html_attributes method #7123

Merged
merged 1 commit into from Jul 22, 2012
Merged

don't escape options in option_html_attributes method #7123

merged 1 commit into from Jul 22, 2012

Conversation

nashby
Copy link
Contributor

@nashby nashby commented Jul 21, 2012

we don't need to escape values in this method as we pass
these html attributes to tag_options method that handle escaping as
well.

it fixes the case when we want to pass html5 data options

carlosantoniodasilva
carlosantoniodasilva reviewed Jul 21, 2012
View reviewed changes
actionpack/test/template/form_options_helper_test.rb
{:onclick => "alert("<code>")"},
option_html_attributes([ 'foo', 'bar', { :onclick => %(alert("<code>")) } ])
)
end
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about changing this one to test options_for_select with special chars instead? :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can but looks like there are a lot of tests that test this behavior implicity. E.g https://github.com/nashby/rails/blob/f5760d571445156c576925c4889fbd50ec388c6f/actionpack/test/template/form_options_helper_test.rb#L119
wdyt?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with @carlosantoniodasilva, adding one more case doesn't hurt.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rafaelfranca @carlosantoniodasilva OK, I've updated PR.

@nashby
don't escape options in option_html_attributes method
dacbcbe 
we don't need to escape values in this method as we pass
these html attributes to `tag_options` method that handle escaping as
well.

it fixes the case when we want to pass html5 data options
rafaelfranca added a commit that referenced this pull request Jul 22, 2012
@rafaelfranca
Merge pull request #7123 from nashby/data-in-options
440a5eb 
don't escape options in option_html_attributes method
@rafaelfranca rafaelfranca merged commit 440a5eb into rails:master Jul 22, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
actionview
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@nashby @carlosantoniodasilva @rafaelfranca