Output of *_path not html_safe?

tamouse pontiki

Sep 1, 2014, 3:50:34 PM
to rubyonra...@googlegroups.com
From a lengthy discussion on #RubyO...@freenode.net, I am wondering about something. The *_path and *_url methods return plain String objects, not an ActiveSupport::SafeBuffer. If something is passed into (say) link_to that contains an escapable character, such as & in a query string, link_to will escape it.

I haven't encountered people putting .html_safe on *_path methods before, so I didn't know about this. Is this something well-known? Is it expected? My assumption was that it would have been html_safe.

Anyone have any thoughts on this?

Example:

>>  app.glucose_readings_path(:hello => true, :goodbye=> false)  
=> "/glucose_readings?goodbye=false&hello=true"

>>  app.glucose_readings_path(:hello => true, :goodbye=> false).class
=> String < Object

>>  foo.link_to "hi", app.glucose_readings_path(:hello => true, :goodbye=> false)
=> "<a href=\"/glucose_readings?goodbye=false&amp;hello=true\">hi</a>"

>>  foo.link_to "hi", app.glucose_readings_path(:hello => true, :goodbye=> false).html_safe
=> "<a href=\"/glucose_readings?goodbye=false&hello=true\">hi</a>"

Matt Jones

Sep 2, 2014, 10:40:21 AM
to rubyonra...@googlegroups.com


On Monday, 1 September 2014 15:50:34 UTC-4, tamouse wrote:
From a lengthy discussion on #RubyO...@freenode.net, I am wondering about something. The *_path and *_url methods return plain String objects, not an ActiveSupport::SafeBuffer. If something is passed into (say) link_to that contains an escapable character, such as & in a query string, link_to will escape it.

I haven't encountered people putting .html_safe on *_path methods before, so I didn't know about this. Is this something well-known? Is it expected? My assumption was that it would have been html_safe.

Anyone have any thoughts on this?

Example:

>>  app.glucose_readings_path(:hello => true, :goodbye=> false)  
=> "/glucose_readings?goodbye=false&hello=true"

>>  app.glucose_readings_path(:hello => true, :goodbye=> false).class
=> String < Object

>>  foo.link_to "hi", app.glucose_readings_path(:hello => true, :goodbye=> false)
=> "<a href=\"/glucose_readings?goodbye=false&amp;hello=true\">hi</a>"


This is the correct way to format links with & in them. Browsers tolerate the un-escaped version, but it's not technically valid HTML...

--Matt Jones 

tamouse pontiki

Sep 3, 2014, 11:14:00 PM
to rubyonra...@googlegroups.com
You are so right! I never knew that.
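
An added example, not part of the thread and not Rails code: a plain-Ruby sketch of why escaping the href is lossless and what marking a string as safe skips. `TrustedHtml`, `simple_link`, `parsed_href` and the `ODD` value are hypothetical names constructed for illustration; only the path string comes from the thread.

```ruby
require "erb"

# Hypothetical stand-in for a "safe" marker such as SafeBuffer (not Rails' class).
class TrustedHtml < String; end

# Hypothetical simplified link helper (not Rails' link_to): the href is
# HTML-escaped unless the caller marked it as already safe.
def simple_link(text, href)
  attr = href.is_a?(TrustedHtml) ? href : ERB::Util.html_escape(href)
  %(<a href="#{attr}">#{ERB::Util.html_escape(text)}</a>)
end

# Minimal decoder for the character references html_escape emits.
REFS = { "amp" => "&", "lt" => "<", "gt" => ">", "quot" => '"', "#39" => "'" }.freeze

# Approximates what an HTML parser hands to the browser as the href value:
# the text between the attribute quotes, with character references decoded.
def parsed_href(html)
  html[/href="([^"]*)"/, 1].gsub(/&(amp|lt|gt|quot|#39);/) { REFS[$1] }
end

# Path string taken from the thread.
PATH = "/glucose_readings?goodbye=false&hello=true"

# Constructed value containing a double quote (an arbitrary string,
# not the output of a path helper).
ODD = %(/search?q=a"b)

escaped = simple_link("hi", PATH)
puts escaped               # markup carries &amp; in the attribute
puts parsed_href(escaped)  # the parser recovers the original URL with a bare &

# Escaped: the quote travels as &quot; and the full value survives parsing.
puts parsed_href(simple_link("x", ODD))

# Marked safe: the raw quote closes the attribute early and the value is cut.
puts parsed_href(simple_link("x", TrustedHtml.new(ODD)))
```

The escaped form round-trips to the exact URL, so marking a path as safe gains nothing; it only removes the escaping that keeps a stray quote inside the attribute.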
 