thr3ads.net - Rails - why does text_field not html

If this information is useful, please help other people find it:
Share via:

Xavier Shay

2007-Mar-28 23:07 UTC

why does text_field not html_escape properly?

Can someone fill me in on the rationale for using escape_once over
html_escape for the text_field helper?

To me, if I have "& &gt;" stored in my DB, it makes sense that
that is
the value that should be displayed in a text_field. To do this, it
should be escaped to give:
<input ... value="&amp; &amp;gt;" />

Current behaviour is:
<input ... value="&amp; &gt;" />

Relevant code is in actionpack/lib/action_view/helpers/tag_helper.rb

A test to add to actionpack/test/template/form_tag_helper_test.rb
(currently fails)

  def test_text_field_with_html_entities_in_value
    @post.title = "& &gt;"
    assert_dom_equal(
      ''<input id="post_title" name="post[title]"
size="30" type="text"
value="&amp; &amp;gt;" />'',
text_field("post", "title")
    )
  end

Cheers,
Xavier

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Rails - Mar 2007 - why does text_field not html_escape properly?

why does text_field not html_escape properly?