This project is archived and is in readonly mode.
Should not html_escape auto_link block form
Reported by Duff OMelia | February 19th, 2009 @ 06:35 PM | in 3.x
When a block is given to auto_link, it allows us to customize the text of the link. Right now, the result of that block gets html_escaped. This works, unless the user wants the text of the link to actually be html tags. For example, in my site, I'm using auto_link to automatically show an image tag like so:
auto_link(stripped) { | each | each[/\.(jpg|gif|png|bmp|tif)$/] ? %Q{<img src="#{each}" width="160px" class="embeddedImage" /> } : each }
This code used to work when the result of the block wasn't html_escape'd. I think that if the user of the block form wants the link text html_escaped, they can do so in the block.
I attached a patch to make the adjustment. I'd also love to know if there's a better way to do what I'm trying to do. Thanks!
Comments and changes to this ticket
-
Mislav March 11th, 2009 @ 10:49 AM
- Tag changed from patch, rack, session to auto_link, block, escape, html, patch
I support this change, but only after Rails 2.3.
I wouldn't change any behavior (however obscure it may be) now that RC 2 was out.
-
Mislav April 17th, 2010 @ 05:41 AM
Hey Duff,
I've added my auto_link patches to #1862
They add a test that shows you can output HTML content from the block if you use the raw helper. Removing h() wasn't necessary at all in Rails 3 (but I still did it, for clarity). New XSS protection in Rails handles HTML-escaping magically.
-
Repository May 29th, 2010 @ 03:06 AM
- State changed from new to resolved
(from [17b4fd25e4de8f05d40ccaa776e51636745aa8e8]) avoid auto_linking already linked emails; more robust detection of linked URLs
References #1523 [#1862 state:resolved] [#3591 state:resolved]
Add test that shows how link text can contain HTML if needed:
the trick is using block form in combination with raw.
Let link text be automatically HTML-escaped
[#2017 state:resolved] http://github.com/rails/rails/commit/17b4fd25e4de8f05d40ccaa776e516...
-
Repository May 29th, 2010 @ 03:06 AM
(from [8f0b2138ee979799092e0489f7298289c90901b9]) avoid auto_linking already linked emails; more robust detection of linked URLs
References #1523 [#1862 state:resolved] [#3591 state:resolved]
Add test that shows how link text can contain HTML if needed:
the trick is using block form in combination with raw.
Let link text be automatically HTML-escaped
[#2017 state:resolved] http://github.com/rails/rails/commit/8f0b2138ee979799092e0489f72982...
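The behaviour the thread settles on (block output is HTML-escaped unless the caller marks it safe with raw), as an added example that is not Rails code or code from this ticket. SafeHtml, toy_auto_link and embed_images are hypothetical names, and h and raw here are local stand-ins for the Rails helpers of the same name.

```ruby
# Added illustration; SafeHtml, toy_auto_link and embed_images are hypothetical names.
class SafeHtml < String; end # stand-in for a string already marked as safe HTML

HTML_ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
                 '"' => "&quot;", "'" => "&#39;" }.freeze
URL_RE = %r{(https?://[^\s<>"']+)} # capture group keeps URLs in String#split output

# Local stand-in for h(): escape everything except strings marked safe.
def h(text)
  return text if text.is_a?(SafeHtml)
  text.to_s.gsub(/[&<>"']/, HTML_ESCAPES)
end

# Local stand-in for raw(): the caller vouches that this markup is safe.
def raw(html)
  SafeHtml.new(html.to_s)
end

# Toy linker: escapes plain text, the href, and the block's result unless it is marked safe.
def toy_auto_link(text)
  text.split(URL_RE).each_slice(2).map do |plain, url|
    next h(plain) unless url
    label = block_given? ? yield(url) : url
    %(#{h(plain)}<a href="#{h(url)}">#{h(label)}</a>)
  end.join
end

# The ticket's image use case: escape the URL inside the attribute, then mark the tag safe.
def embed_images(text)
  toy_auto_link(text) do |url|
    next url unless url =~ /\.(jpg|gif|png|bmp|tif)\z/
    raw(%(<img src="#{h(url)}" width="160px" class="embeddedImage" />))
  end
end

if __FILE__ == $0
  puts toy_auto_link("x http://example.test/") { |_u| "<b>go</b>" } # constructed input
  puts embed_images("pic http://example.test/a&b.png")              # constructed input
end
```

Only the markup the block author wrote is marked safe; the URL taken from user text is still escaped before it is interpolated into the src attribute.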
Tickets have moved to GitHub
The new ticket tracker is available at https://github.com/rails/rails/issues
Referenced by
- 1862 Running autolink on text containing a mailto: link breaks [#2017 state:resolved] http://github.com/rails/rails/com...
- 2017 Should not html_escape auto_link block form [#2017 state:resolved] http://github.com/rails/rails/com...
- 3591 auto_link should not create a link inside a link which has the rel attribute [#2017 state:resolved] http://github.com/rails/rails/com...