content_tag, escape and html5 data attributes #8091

Closed
CloCkWeRX opened this Issue Nov 1, 2012 · 3 comments

Comments

Projects
None yet
3 participants
@CloCkWeRX

rails 3.2.1

Define a helper:

  def foo
    options = {
      :data => { :content => 'double"quote"party"' }
    }

    content_tag(:a, '', options)
  end

Invoke in a template

<%= foo %>

Expected result:

<a data-content="double&quot;quote&quot;party&quot;"></a>

The default argument for content_tag's escape param is true.

Actual result:

<a data-content="double"quote"party"></a>
@senny

This comment has been minimized.

Show comment
Hide comment
@senny

senny Nov 1, 2012

Member

In order to skip escaping, your string needs to be html_safe.

Member

senny commented Nov 1, 2012

In order to skip escaping, your string needs to be html_safe.

@CloCkWeRX

This comment has been minimized.

Show comment
Hide comment
@CloCkWeRX

CloCkWeRX Nov 1, 2012

Not trying to skip it in this instance - my expectation was that content_tag would escape the content, including attributes. (If you are saying that it's being passed to html_safe, and that's not detecting the invalid attribute-ness of the data...)

Not trying to skip it in this instance - my expectation was that content_tag would escape the content, including attributes. (If you are saying that it's being passed to html_safe, and that's not detecting the invalid attribute-ness of the data...)

@carlosantoniodasilva

This comment has been minimized.

Show comment
Hide comment
@carlosantoniodasilva

carlosantoniodasilva Nov 1, 2012

Member

Hey @CloCkWeRX, I've just added some tests to master that ensures this works with tag and content_tag. I've tested in 3-2-stable as well, and it works the same way, it always escapes the data attributes, as you can see here and here.

I'm closing here, if you find this is still an issue somehow, please let us know and give a bit more information so that we can help figuring it out. Thanks.

Hey @CloCkWeRX, I've just added some tests to master that ensures this works with tag and content_tag. I've tested in 3-2-stable as well, and it works the same way, it always escapes the data attributes, as you can see here and here.

I'm closing here, if you find this is still an issue somehow, please let us know and give a bit more information so that we can help figuring it out. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment