This doesn't provide a way to turn off the escaping, but alternative template engine authors
can figure out what their default should be by calling this. Avoids a messy version + plugin check.
Fixes RSpec integration example groups, which mixes its Matchers
module into ActiveSupport::TestCase.
Signed-off-by: Michael Koziarski <michael@koziarski.com>
Previously this example would always pass, even when cookies.delete was not called.
@request.cookies['foo'] = 'bar'
get :delete_cookie
assert_nil cookies['foo']
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#2768 state:committed]
ActionView::Helpers::UrlHelper#url_for used to escape the URLs it generated by
default. This was most commonly seen when generating a path with multiple
query parameters, e.g.
url_for(:controller => :foo, :action => :bar, :this => 123, :that => 456)
would return
http://example.com/foo/bar?that=456&this=123
escaping an ampersand that shouldn't be escaped. This is both wrong and
inconsistent with the behavior of ActionController#url_for, and is changed.
Signed-off-by: Michael Koziarski <michael@koziarski.com>
By using config rather than hardcoded constants, we can evolve the
configuration system over time (we'd just need to update the config
method with more robust capabilities and all consumers would get
the capabilities with no code changes)
This consists of:
* String#html_safe! a method to mark a string as 'safe'
* ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
* Calls to String#html_safe! throughout the rails helpers
* a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
* New ERB implementation based on erubis which uses a SafeBuffer instead of a String
Hat tip to Django for the inspiration.
state:resolved]
The test case now mimicks the template environment more closely, so it's
possible to use render, load helper dependencies.
This also fixes assert_select, and similar assertions. Because view tests
and helpers generally don't render full templates assert_select looks
first in rendered and then in output_buffer to find the rendered output.
Additional `master'-only changes: Made the Action Pack Rakefile run the
ActionView::TestCase tests, and made ActionView::Rendering#_render_text
always return a string.
Signed-off-by: Joshua Peek <josh@joshpeek.com>
