Created
July 23, 2010 21:25
-
-
Save adzap/488061 to your computer and use it in GitHub Desktop.
Rails 3 HTML escaping when using content_tag
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Rails 3 beta 4 | |
| # Line 74 in actionpack/lib/action_view/helpers/tag_helper.rb | |
| def content_tag(name, content_or_options_with_block = nil, options = nil, escape = true, &block) | |
| if block_given? | |
| options = content_or_options_with_block if content_or_options_with_block.is_a?(Hash) | |
| content_tag_string(name, capture(&block), options, escape) | |
| else | |
| content_tag_string(name, content_or_options_with_block, options, escape) | |
| end | |
| end | |
| # Line 111 in actionpack/lib/action_view/helpers/tag_helper.rb | |
| def content_tag_string(name, content, options, escape = true) | |
| tag_options = tag_options(options, escape) if options | |
| "<#{name}#{tag_options}>#{escape ? ERB::Util.h(content) : content}</#{name}>".html_safe | |
| end | |
| # Line 17 in activesupport/lib/active_support/core_ext/string/output_safety.rb | |
| def html_escape(s) | |
| s = s.to_s | |
| if s.html_safe? | |
| s | |
| else | |
| s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }.html_safe | |
| end | |
| end | |
| alias h html_escape |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment