From 0802572f904fcba1b858beda258c1e0980c65cdb Mon Sep 17 00:00:00 2001 From: Brian Morearty Date: Sun, 13 Feb 2011 13:35:26 -0800 Subject: [PATCH] Add deprecation warnings to helpers that take an the escape parameter/option [#6421] Deprecate the escape parameter/option for these helper methods: FormTagHelper#text_area_tag TagHelper#content_tag TagHelper#tag --- .../lib/action_view/helpers/asset_tag_helper.rb | 2 +- .../lib/action_view/helpers/form_options_helper.rb | 2 +- .../lib/action_view/helpers/form_tag_helper.rb | 13 +++++++++++-- actionpack/lib/action_view/helpers/tag_helper.rb | 18 ++++++++++++++---- actionpack/lib/action_view/helpers/text_helper.rb | 7 +++++-- actionpack/test/template/form_tag_helper_test.rb | 18 ++++++++++++++---- actionpack/test/template/tag_helper_test.rb | 11 ++++++++--- 7 files changed, 54 insertions(+), 17 deletions(-) diff --git a/actionpack/lib/action_view/helpers/asset_tag_helper.rb b/actionpack/lib/action_view/helpers/asset_tag_helper.rb index 6a75a7c..fe8acbd 100644 --- a/actionpack/lib/action_view/helpers/asset_tag_helper.rb +++ b/actionpack/lib/action_view/helpers/asset_tag_helper.rb @@ -827,7 +827,7 @@ module ActionView end def stylesheet_tag(source, options) - tag("link", { "rel" => "stylesheet", "type" => Mime::CSS, "media" => "screen", "href" => html_escape(path_to_stylesheet(source)) }.merge(options), false, false) + tag("link", { "rel" => "stylesheet", "type" => Mime::CSS, "media" => "screen", "href" => html_escape(path_to_stylesheet(source)) }.merge(options)) end def compute_javascript_paths(*args) diff --git a/actionpack/lib/action_view/helpers/form_options_helper.rb b/actionpack/lib/action_view/helpers/form_options_helper.rb index 0920897..aad6afb 100644 --- a/actionpack/lib/action_view/helpers/form_options_helper.rb +++ b/actionpack/lib/action_view/helpers/form_options_helper.rb @@ -448,7 +448,7 @@ module ActionView # wrap the output in an appropriate ...options... # @@ -72,6 +78,10 @@ module ActionView # <% end -%> # # =>
Hello world!
def content_tag(name, content_or_options_with_block = nil, options = nil, escape = true, &block) + unless escape + ActiveSupport::Deprecation.warn %Q{content_tag's "escape" parameter is deprecated. It will be removed in Rails 3.1. Call html_safe on the content and attribute values to prevent HTML escaping.}, caller + end + if block_given? options = content_or_options_with_block if content_or_options_with_block.is_a?(Hash) content_tag_string(name, capture(&block), options, escape) diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb index 21088c7..4dff7e1 100644 --- a/actionpack/lib/action_view/helpers/text_helper.rb +++ b/actionpack/lib/action_view/helpers/text_helper.rb @@ -497,11 +497,14 @@ module ActionView link_text = block_given?? yield(href) : href href = 'http://' + href unless scheme - unless options[:sanitize] == false + if options.fetch(:sanitize, true) link_text = sanitize(link_text) href = sanitize(href) + else + link_text = link_text.html_safe + href = href.html_safe end - content_tag(:a, link_text, link_attributes.merge('href' => href), !!options[:sanitize]) + punctuation.reverse.join('') + content_tag(:a, link_text, link_attributes.merge('href' => href)) + punctuation.reverse.join('') end end.html_safe end diff --git a/actionpack/test/template/form_tag_helper_test.rb b/actionpack/test/template/form_tag_helper_test.rb index 532f086..9c3f538 100644 --- a/actionpack/test/template/form_tag_helper_test.rb +++ b/actionpack/test/template/form_tag_helper_test.rb @@ -236,14 +236,24 @@ class FormTagHelperTest < ActionView::TestCase assert_dom_equal expected, actual end - def test_text_area_tag_unescaped_content - actual = text_area_tag "body", "hello world", :size => "20x40", :escape => false + def test_text_area_tag_safe_content + actual = text_area_tag "body", "hello world".html_safe, :size => "20x40" expected = %() assert_dom_equal expected, actual end - def test_text_area_tag_unescaped_nil_content - actual = text_area_tag "body", nil, :escape => false + def test_text_area_tag_escape_option_deprecated + actual = assert_deprecated('escape') do + text_area_tag "body", "hello world", :size => "20x40", :escape => false + end + expected = %() + assert_dom_equal expected, actual + end + + def test_text_area_tag_unescaped_nil_content_deprecated + actual = assert_deprecated('escape') do + text_area_tag "body", nil, :escape => false + end expected = %() assert_dom_equal expected, actual end diff --git a/actionpack/test/template/tag_helper_test.rb b/actionpack/test/template/tag_helper_test.rb index 85ac515..a1c9740 100644 --- a/actionpack/test/template/tag_helper_test.rb +++ b/actionpack/test/template/tag_helper_test.rb @@ -39,8 +39,12 @@ class TagHelperTest < ActionView::TestCase content_tag("a", "Create", :href => "create") assert_equal "

<script>evil_js</script>

", content_tag(:p, '') + assert_deprecated do + assert_equal "

", + content_tag(:p, '', nil, false) + end assert_equal "

", - content_tag(:p, '', nil, false) + content_tag(:p, ''.html_safe) end def test_content_tag_with_block_in_erb @@ -83,7 +87,7 @@ class TagHelperTest < ActionView::TestCase end def test_content_tag_with_unescaped_array_class - str = content_tag('p', "limelight", {:class => ["song", "play>"]}, false) + str = assert_deprecated { content_tag('p', "limelight", {:class => ["song", "play>"]}, false) } assert_equal "

\">limelight

", str end @@ -108,6 +112,7 @@ class TagHelperTest < ActionView::TestCase end def test_disable_escaping - assert_equal '', tag('a', { :href => '&' }, false, false) + assert_deprecated { assert_equal '', tag('a', { :href => '&' }, false, false) } + assert_equal '', tag('a', { :href => '&'.html_safe }) end end -- 1.6.2.2