actionpack 2.3.18 → 3.0.0.beta

data/lib/action_view/helpers/translation_helper.rb

@@ -3,30 +3,16 @@ require 'action_view/helpers/tag_helper'
 module ActionView
   module Helpers
     module TranslationHelper
-      # Delegates to I18n#translate but also performs two additional functions. First, it'll catch MissingTranslationData exceptions
+      # Delegates to I18n#translate but also performs two additional functions. First, it'll catch MissingTranslationData exceptions 
       # and turn them into inline spans that contains the missing key, such that you can see in a view what is missing where.
       #
       # Second, it'll scope the key by the current partial if the key starts with a period. So if you call translate(".foo") from the
       # people/index.html.erb template, you'll actually be calling I18n.translate("people.index.foo"). This makes it less repetitive
       # to translate many keys within the same partials and gives you a simple framework for scoping them consistently. If you don't
       # prepend the key with a period, nothing is converted.
-      def translate(keys, options = {})
-        if multiple_keys = keys.is_a?(Array)
-          ActiveSupport::Deprecation.warn "Giving an array to translate is deprecated, please give a symbol or a string instead", caller
-        end
-
+      def translate(key, options = {})
         options[:raise] = true
-        keys = scope_keys_by_partial(keys)
-
-        translations = I18n.translate(keys, options)
-        translations = [translations] if !multiple_keys && translations.size > 1
-        translations = html_safe_translation_keys(keys, translations)
-
-        if multiple_keys || translations.size > 1
-          translations
-        else
-          translations.first
-        end
+        I18n.translate(scope_key_by_partial(key), options).html_safe
       rescue I18n::MissingTranslationData => e
         keys = I18n.send(:normalize_translation_keys, e.locale, e.key, e.options[:scope])
         content_tag('span', keys.join(', '), :class => 'translation_missing')
@@ -39,29 +25,19 @@ module ActionView
       end
       alias :l :localize
 
-
       private
-        def scope_keys_by_partial(keys)
-          Array.wrap(keys).map do |key|
-            key = key.to_s
-
-            if key.first == "."
-              template.path_without_format_and_extension.gsub(%r{/_?}, ".") + key
-            else
-              key
-            end
-          end
-        end
 
-        def html_safe_translation_keys(keys, translations)
-          keys.zip(translations).map do |key, translation|
-            if key =~ /(\b|_|\.)html$/ && translation.respond_to?(:html_safe)
-              translation.html_safe
+        def scope_key_by_partial(key)
+          if key.to_s.first == "."
+            if @_virtual_path
+              @_virtual_path.gsub(%r{/_?}, ".") + key.to_s
             else
-              translation
+              raise "Cannot use t(#{key.inspect}) shortcut because path is not available"
             end
+          else
+            key
           end
         end
     end
   end
-end
+end

data/lib/action_view/helpers/url_helper.rb

@@ -1,4 +1,6 @@
-#require 'action_view/helpers/javascript_helper'
+require 'action_view/helpers/javascript_helper'
+require 'active_support/core_ext/array/access'
+require 'active_support/core_ext/hash/keys'
 
 module ActionView
   module Helpers #:nodoc:
@@ -9,13 +11,18 @@ module ActionView
     module UrlHelper
       include JavaScriptHelper
 
+      # Need to map default url options to controller one.
+      def default_url_options(*args) #:nodoc:
+        controller.send(:default_url_options, *args)
+      end
+
       # Returns the URL for the set of +options+ provided. This takes the
       # same options as +url_for+ in Action Controller (see the
-      # documentation for ActionController::Base#url_for). Note that by default
-      # <tt>:only_path</tt> is <tt>true</tt> so you'll get the relative /controller/action
-      # instead of the fully qualified URL like http://example.com/controller/action.
+      # documentation for <tt>ActionController::Base#url_for</tt>). Note that by default
+      # <tt>:only_path</tt> is <tt>true</tt> so you'll get the relative "/controller/action"
+      # instead of the fully qualified URL like "http://example.com/controller/action".
       #
-      # When called from a view, url_for returns an HTML escaped url. If you
+      # When called from a view, +url_for+ returns an HTML escaped url. If you
       # need an unescaped url, pass <tt>:escape => false</tt> in the +options+.
       #
       # ==== Options
@@ -33,8 +40,8 @@ module ActionView
       #
       # If you instead of a hash pass a record (like an Active Record or Active Resource) as the options parameter,
       # you'll trigger the named route for that record. The lookup will happen on the name of the class. So passing
-      # a Workshop object will attempt to use the workshop_path route. If you have a nested route, such as
-      # admin_workshop_path you'll have to call that explicitly (it's impossible for url_for to guess that route).
+      # a Workshop object will attempt to use the +workshop_path+ route. If you have a nested route, such as
+      # +admin_workshop_path+ you'll have to call that explicitly (it's impossible for +url_for+ to guess that route).
       #
       # ==== Examples
       #   <%= url_for(:action => 'index') %>
@@ -81,11 +88,11 @@ module ActionView
           options
         when Hash
           options = { :only_path => options[:host].nil? }.update(options.symbolize_keys)
-          escape  = options.key?(:escape) ? options.delete(:escape) : true
-          @controller.send(:url_for, options)
+          escape  = options.key?(:escape) ? options.delete(:escape) : false
+          controller.send(:url_for, options)
         when :back
           escape = false
-          @controller.request.env["HTTP_REFERER"] || 'javascript:history.back()'
+          controller.request.env["HTTP_REFERER"] || 'javascript:history.back()'
         else
           escape = false
           polymorphic_path(options)
@@ -96,10 +103,10 @@ module ActionView
 
       # Creates a link tag of the given +name+ using a URL created by the set
       # of +options+. See the valid options in the documentation for
-      # url_for. It's also possible to pass a string instead
+      # +url_for+. It's also possible to pass a string instead
       # of an options hash to get a link tag that uses the value of the string as the
       # href for the link, or use <tt>:back</tt> to link to the referrer - a JavaScript back
-      # link will be used in place of a referrer if none exists. If nil is passed as
+      # link will be used in place of a referrer if none exists. If +nil+ is passed as
       # a name, the link itself will become the name.
       #
       # ==== Signatures
@@ -110,34 +117,21 @@ module ActionView
       #   end
       #
       # ==== Options
-      # * <tt>:confirm => 'question?'</tt> - This will add a JavaScript confirm
-      #   prompt with the question specified. If the user accepts, the link is
+      # * <tt>:confirm => 'question?'</tt> - This will allow the unobtrusive JavaScript 
+      #   driver to prompt with the question specified. If the user accepts, the link is
       #   processed normally, otherwise no action is taken.
-      # * <tt>:popup => true || array of window options</tt> - This will force the
-      #   link to open in a popup window. By passing true, a default browser window
-      #   will be opened with the URL. You can also specify an array of options
-      #   that are passed-thru to JavaScripts window.open method.
       # * <tt>:method => symbol of HTTP verb</tt> - This modifier will dynamically
       #   create an HTML form and immediately submit the form for processing using
       #   the HTTP verb specified. Useful for having links perform a POST operation
       #   in dangerous actions like deleting a record (which search bots can follow
       #   while spidering your site). Supported verbs are <tt>:post</tt>, <tt>:delete</tt> and <tt>:put</tt>.
       #   Note that if the user has JavaScript disabled, the request will fall back
-      #   to using GET. If you are relying on the POST behavior, you should check
-      #   for it in your controller's action by using the request object's methods
-      #   for <tt>post?</tt>, <tt>delete?</tt> or <tt>put?</tt>.
+      #   to using GET. If <tt>:href => '#'</tt> is used and the user has JavaScript
+      #   disabled clicking the link will have no effect. If you are relying on the
+      #   POST behavior, you should check for it in your controller's action by using
+      #   the request object's methods for <tt>post?</tt>, <tt>delete?</tt> or <tt>put?</tt>.
       # * The +html_options+ will accept a hash of html attributes for the link tag.
       #
-      # Note that if the user has JavaScript disabled, the request will fall back
-      # to using GET. If <tt>:href => '#'</tt> is used and the user has JavaScript disabled
-      # clicking the link will have no effect. If you are relying on the POST
-      # behavior, your should check for it in your controller's action by using the
-      # request object's methods for <tt>post?</tt>, <tt>delete?</tt> or <tt>put?</tt>.
-      #
-      # You can mix and match the +html_options+ with the exception of
-      # <tt>:popup</tt> and <tt>:method</tt> which will raise an ActionView::ActionViewError
-      # exception.
-      #
       # ==== Examples
       # Because it relies on +url_for+, +link_to+ supports both older-style controller/action/id arguments
       # and newer RESTful routes.  Current Rails style favors RESTful routes whenever possible, so base
@@ -169,9 +163,11 @@ module ActionView
       # You can use a block as well if your link target is hard to fit into the name parameter. ERb example:
       #
       #   <% link_to(@profile) do %>
-      #     <strong><%= @profile.name %></strong> -- <span>Check it out!!</span>
+      #     <strong><%= @profile.name %></strong> -- <span>Check it out!</span>
       #   <% end %>
-      #   # => <a href="/profiles/1"><strong>David</strong> -- <span>Check it out!!</span></a>
+      #   # => <a href="/profiles/1">
+      #          <strong>David</strong> -- <span>Check it out!</span>
+      #        </a>
       #
       # Classes and ids for CSS are easy to produce:
       #
@@ -199,45 +195,38 @@ module ActionView
       #   link_to "Nonsense search", searches_path(:foo => "bar", :baz => "quux")
       #   # => <a href="/searches?foo=bar&amp;baz=quux">Nonsense search</a>
       #
-      # The three options specific to +link_to+ (<tt>:confirm</tt>, <tt>:popup</tt>, and <tt>:method</tt>) are used as follows:
+      # The two options specific to +link_to+ (<tt>:confirm</tt> and <tt>:method</tt>) are used as follows:
       #
       #   link_to "Visit Other Site", "http://www.rubyonrails.org/", :confirm => "Are you sure?"
-      #   # => <a href="http://www.rubyonrails.org/" onclick="return confirm('Are you sure?');">Visit Other Site</a>
-      #
-      #   link_to "Help", { :action => "help" }, :popup => true
-      #   # => <a href="/testing/help/" onclick="window.open(this.href);return false;">Help</a>
+      #   # => <a href="http://www.rubyonrails.org/" data-confirm="Are you sure?"">Visit Other Site</a>
       #
-      #   link_to "View Image", @image, :popup => ['new_window_name', 'height=300,width=600']
-      #   # => <a href="/images/9" onclick="window.open(this.href,'new_window_name','height=300,width=600');return false;">View Image</a>
+      #   link_to("Destroy", "http://www.example.com", :method => :delete, :confirm => "Are you sure?")
+      #   # => <a href='http://www.example.com' rel="nofollow" data-method="delete" data-confirm="Are you sure?">Destroy</a>
+
       #
-      #   link_to "Delete Image", @image, :confirm => "Are you sure?", :method => :delete
-      #   # => <a href="/images/9" onclick="if (confirm('Are you sure?')) { var f = document.createElement('form');
-      #        f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;
-      #        var m = document.createElement('input'); m.setAttribute('type', 'hidden'); m.setAttribute('name', '_method');
-      #        m.setAttribute('value', 'delete'); f.appendChild(m);f.submit(); };return false;">Delete Image</a>
       def link_to(*args, &block)
         if block_given?
           options      = args.first || {}
           html_options = args.second
-          concat(link_to(capture(&block), options, html_options))
+          safe_concat(link_to(capture(&block), options, html_options))
         else
-          name         = args.first
-          options      = args.second || {}
-          html_options = args.third
+          name         = args[0]
+          options      = args[1] || {}
+          html_options = args[2]
 
           url = url_for(options)
+          html_options = convert_options_to_data_attributes(options, html_options)
 
           if html_options
             html_options = html_options.stringify_keys
             href = html_options['href']
-            convert_options_to_javascript!(html_options, url)
             tag_options = tag_options(html_options)
           else
             tag_options = nil
           end
 
           href_attr = "href=\"#{url}\"" unless href
-          "<a #{href_attr}#{tag_options}>#{name || url}</a>".html_safe
+          "<a #{href_attr}#{tag_options}>#{ERB::Util.h(name || url)}</a>".html_safe
         end
       end
 
@@ -245,28 +234,30 @@ module ActionView
       # by the set of +options+. This is the safest method to ensure links that
       # cause changes to your data are not triggered by search bots or accelerators.
       # If the HTML button does not work with your layout, you can also consider
-      # using the link_to method with the <tt>:method</tt> modifier as described in
-      # the link_to documentation.
+      # using the +link_to+ method with the <tt>:method</tt> modifier as described in
+      # the +link_to+ documentation.
       #
-      # The generated FORM element has a class name of <tt>button-to</tt>
+      # The generated form element has a class name of <tt>button-to</tt>
       # to allow styling of the form itself and its children. You can control
       # the form submission and input element behavior using +html_options+.
       # This method accepts the <tt>:method</tt> and <tt>:confirm</tt> modifiers
-      # described in the link_to documentation. If no <tt>:method</tt> modifier
+      # described in the +link_to+ documentation. If no <tt>:method</tt> modifier
       # is given, it will default to performing a POST operation. You can also
       # disable the button by passing <tt>:disabled => true</tt> in +html_options+.
       # If you are using RESTful routes, you can pass the <tt>:method</tt>
       # to change the HTTP verb used to submit the form.
       #
       # ==== Options
-      # The +options+ hash accepts the same options at url_for.
+      # The +options+ hash accepts the same options as url_for.
       #
       # There are a few special +html_options+:
       # * <tt>:method</tt> - Specifies the anchor name to be appended to the path.
       # * <tt>:disabled</tt> - Specifies the anchor name to be appended to the path.
-      # * <tt>:confirm</tt> - This will add a JavaScript confirm
+      # * <tt>:confirm</tt> - This will use the unobtrusive JavaScript driver to 
       #   prompt with the question specified. If the user accepts, the link is
       #   processed normally, otherwise no action is taken.
+      # * <tt>:remote</tt> -  If set to true, will allow the Unobtrusive JavaScript drivers to control the 
+      #   submit behaviour. By default this behaviour is an ajax submit.
       #
       # ==== Examples
       #   <%= button_to "New", :action => "new" %>
@@ -274,15 +265,27 @@ module ActionView
       #   #      <div><input value="New" type="submit" /></div>
       #   #    </form>"
       #
-      #   button_to "Delete Image", { :action => "delete", :id => @image.id },
-      #             :confirm => "Are you sure?", :method => :delete
+      #
+      #   <%= button_to "Delete Image", { :action => "delete", :id => @image.id },
+      #             :confirm => "Are you sure?", :method => :delete %>
       #   # => "<form method="post" action="/images/delete/1" class="button-to">
       #   #      <div>
       #   #        <input type="hidden" name="_method" value="delete" />
-      #   #        <input onclick="return confirm('Are you sure?');"
-      #   #              value="Delete" type="submit" />
+      #   #        <input data-confirm='Are you sure?' value="Delete" type="submit" />
       #   #      </div>
       #   #    </form>"
+      #
+      #
+      #   <%= button_to('Destroy', 'http://www.example.com', :confirm => 'Are you sure?', 
+      #             :method => "delete", :remote => true, :disable_with => 'loading...') %>
+      #   # => "<form class='button-to' method='post' action='http://www.example.com' data-remote='true'>
+      #   #       <div>
+      #   #         <input name='_method' value='delete' type='hidden' />
+      #   #         <input value='Destroy' type='submit' disable_with='loading...' data-confirm='Are you sure?' />
+      #   #       </div>
+      #   #     </form>"
+      #   #
+
       def button_to(name, options = {}, html_options = {})
         html_options = html_options.stringify_keys
         convert_boolean_attributes!(html_options, %w( disabled ))
@@ -294,21 +297,21 @@ module ActionView
 
         form_method = method.to_s == 'get' ? 'get' : 'post'
 
+        remote = html_options.delete('remote')
+
         request_token_tag = ''
         if form_method == 'post' && protect_against_forgery?
           request_token_tag = tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => form_authenticity_token)
         end
 
-        if confirm = html_options.delete("confirm")
-          html_options["onclick"] = "return #{confirm_javascript_function(confirm)};"
-        end
-
         url = options.is_a?(String) ? options : self.url_for(options)
         name ||= url
 
+        html_options = convert_options_to_data_attributes(options, html_options)
+
         html_options.merge!("type" => "submit", "value" => name)
 
-        ("<form method=\"#{form_method}\" action=\"#{escape_once url}\" class=\"button-to\"><div>" +
+        ("<form method=\"#{form_method}\" action=\"#{escape_once url}\" #{"data-remote=\"true\"" if remote} class=\"button-to\"><div>" +
           method_tag + tag("input", html_options) + request_token_tag + "</div></form>").html_safe
       end
 
@@ -316,7 +319,7 @@ module ActionView
       # Creates a link tag of the given +name+ using a URL created by the set of
       # +options+ unless the current request URI is the same as the links, in
       # which case only the name is returned (or the given block is yielded, if
-      # one exists).  You can give link_to_unless_current a block which will
+      # one exists).  You can give +link_to_unless_current+ a block which will
       # specialize the default behavior (e.g., show a "Start Here" link rather
       # than the link's text).
       #
@@ -342,7 +345,7 @@ module ActionView
       #     <li><a href="/controller/about">About Us</a></li>
       #   </ul>
       #
-      # The implicit block given to link_to_unless_current is evaluated if the current
+      # The implicit block given to +link_to_unless_current+ is evaluated if the current
       # action is the action given.  So, if we had a comments page and wanted to render a
       # "Go Back" link instead of a link to the comments page, we could do something like this...
       #
@@ -359,7 +362,7 @@ module ActionView
       # +options+ unless +condition+ is true, in which case only the name is
       # returned. To specialize the default behavior (i.e., show a login link rather
       # than just the plaintext link text), you can pass a block that
-      # accepts the name or the full argument list for link_to_unless.
+      # accepts the name or the full argument list for +link_to_unless+.
       #
       # ==== Examples
       #   <%= link_to_unless(@current_user.nil?, "Reply", { :action => "reply" }) %>
@@ -390,8 +393,8 @@ module ActionView
       # Creates a link tag of the given +name+ using a URL created by the set of
       # +options+ if +condition+ is true, in which case only the name is
       # returned. To specialize the default behavior, you can pass a block that
-      # accepts the name or the full argument list for link_to_unless (see the examples
-      # in link_to_unless).
+      # accepts the name or the full argument list for +link_to_unless+ (see the examples
+      # in +link_to_unless+).
       #
       # ==== Examples
       #   <%= link_to_if(@current_user.nil?, "Login", { :controller => "sessions", :action => "new" }) %>
@@ -415,27 +418,27 @@ module ActionView
       # also used as the name of the link unless +name+ is specified. Additional
       # HTML attributes for the link can be passed in +html_options+.
       #
-      # mail_to has several methods for hindering email harvesters and customizing
+      # +mail_to+ has several methods for hindering email harvesters and customizing
       # the email itself by passing special keys to +html_options+.
       #
       # ==== Options
-      # * <tt>:encode</tt>  - This key will accept the strings "javascript" or "hex".
-      #   Passing "javascript" will dynamically create and encode the mailto: link then
+      # * <tt>:encode</tt> - This key will accept the strings "javascript" or "hex".
+      #   Passing "javascript" will dynamically create and encode the mailto link then
       #   eval it into the DOM of the page. This method will not show the link on
       #   the page if the user has JavaScript disabled. Passing "hex" will hex
-      #   encode the +email_address+ before outputting the mailto: link.
-      # * <tt>:replace_at</tt>  - When the link +name+ isn't provided, the
+      #   encode the +email_address+ before outputting the mailto link.
+      # * <tt>:replace_at</tt> - When the link +name+ isn't provided, the
       #   +email_address+ is used for the link label. You can use this option to
       #   obfuscate the +email_address+ by substituting the @ sign with the string
       #   given as the value.
-      # * <tt>:replace_dot</tt>  - When the link +name+ isn't provided, the
+      # * <tt>:replace_dot</tt> - When the link +name+ isn't provided, the
       #   +email_address+ is used for the link label. You can use this option to
       #   obfuscate the +email_address+ by substituting the . in the email with the
       #   string given as the value.
-      # * <tt>:subject</tt>  - Preset the subject line of the email.
+      # * <tt>:subject</tt> - Preset the subject line of the email.
       # * <tt>:body</tt> - Preset the body of the email.
-      # * <tt>:cc</tt>  - Carbon Copy addition recipients on the email.
-      # * <tt>:bcc</tt>  - Blind Carbon Copy additional recipients on the email.
+      # * <tt>:cc</tt> - Carbon Copy addition recipients on the email.
+      # * <tt>:bcc</tt> - Blind Carbon Copy additional recipients on the email.
       #
       # ==== Examples
       #   mail_to "me@domain.com"
@@ -460,19 +463,20 @@ module ActionView
 
         string = ''
         extras = ''
-        extras << "cc=#{CGI.escape(cc).gsub("+", "%20")}&" unless cc.nil?
-        extras << "bcc=#{CGI.escape(bcc).gsub("+", "%20")}&" unless bcc.nil?
-        extras << "body=#{CGI.escape(body).gsub("+", "%20")}&" unless body.nil?
-        extras << "subject=#{CGI.escape(subject).gsub("+", "%20")}&" unless subject.nil?
+        extras << "cc=#{Rack::Utils.escape(cc).gsub("+", "%20")}&" unless cc.nil?
+        extras << "bcc=#{Rack::Utils.escape(bcc).gsub("+", "%20")}&" unless bcc.nil?
+        extras << "body=#{Rack::Utils.escape(body).gsub("+", "%20")}&" unless body.nil?
+        extras << "subject=#{Rack::Utils.escape(subject).gsub("+", "%20")}&" unless subject.nil?
         extras = "?" << extras.gsub!(/&?$/,"") unless extras.empty?
 
-        email_address_obfuscated = html_escape(email_address)
+        email_address = email_address.to_s
+
+        email_address_obfuscated = email_address.dup
         email_address_obfuscated.gsub!(/@/, html_options.delete("replace_at")) if html_options.has_key?("replace_at")
         email_address_obfuscated.gsub!(/\./, html_options.delete("replace_dot")) if html_options.has_key?("replace_dot")
 
         if encode == "javascript"
-          html = content_tag("a", name || email_address_obfuscated.html_safe, html_options.merge({ "href" => "mailto:"+html_escape(email_address)+extras }))
-          "document.write('#{escape_javascript(html)}');".each_byte do |c|
+          "document.write('#{content_tag("a", name || email_address_obfuscated, html_options.merge({ "href" => "mailto:"+email_address+extras }))}');".each_byte do |c|
             string << sprintf("%%%x", c)
           end
           "<script type=\"#{Mime::JS}\">eval(decodeURIComponent('#{string}'))</script>"
@@ -489,9 +493,9 @@ module ActionView
             char = c.chr
             string << (char =~ /\w/ ? sprintf("%%%x", c) : char)
           end
-          content_tag "a", name || email_address_encoded.html_safe, html_options.merge({ "href" => "#{string}#{extras}" })
+          content_tag "a", name || email_address_encoded, html_options.merge({ "href" => "#{string}#{extras}" })
         else
-          content_tag "a", name || email_address_obfuscated.html_safe, html_options.merge({ "href" => "mailto:#{email_address}#{extras}" })
+          content_tag "a", name || email_address_obfuscated, html_options.merge({ "href" => "mailto:#{email_address}#{extras}" })
         end
       end
 
@@ -539,10 +543,10 @@ module ActionView
       #   # => false
       def current_page?(options)
         url_string = CGI.unescapeHTML(url_for(options))
-        request = @controller.request
-        # We ignore any extra parameters in the request_uri if the 
+        request = controller.request
+        # We ignore any extra parameters in the request_uri if the
         # submitted url doesn't have any either.  This lets the function
-        # work with things like ?order=asc 
+        # work with things like ?order=asc
         if url_string.index("?")
           request_uri = request.request_uri
         else
@@ -556,72 +560,74 @@ module ActionView
       end
 
       private
-        def convert_options_to_javascript!(html_options, url = '')
-          confirm, popup = html_options.delete("confirm"), html_options.delete("popup")
+        def convert_options_to_data_attributes(options, html_options)
+          html_options = {} if html_options.nil?
+          html_options = html_options.stringify_keys
+
+          if (options.is_a?(Hash) && options.key?('remote')) || (html_options.is_a?(Hash) && html_options.key?('remote'))
+            html_options['data-remote'] = 'true'
+            options.delete('remote') if options.is_a?(Hash)
+            html_options.delete('remote') if html_options.is_a?(Hash)
+          end
 
-          method, href = html_options.delete("method"), html_options['href']
+          confirm = html_options.delete("confirm")
 
-          html_options["onclick"] = case
-            when popup && method
-              raise ActionView::ActionViewError, "You can't use :popup and :method in the same link"
-            when confirm && popup
-              "if (#{confirm_javascript_function(confirm)}) { #{popup_javascript_function(popup)} };return false;"
-            when confirm && method
-              "if (#{confirm_javascript_function(confirm)}) { #{method_javascript_function(method, url, href)} };return false;"
-            when confirm
-              "return #{confirm_javascript_function(confirm)};"
-            when method
-              "#{method_javascript_function(method, url, href)}return false;"
-            when popup
-              "#{popup_javascript_function(popup)}return false;"
-            else
-              html_options["onclick"]
+          if html_options.key?("popup")
+            ActiveSupport::Deprecation.warn(":popup has been deprecated", caller)
           end
-        end
 
-        def confirm_javascript_function(confirm)
-          "confirm('#{escape_javascript(confirm)}')"
+          method, href = html_options.delete("method"), html_options['href']
+
+          add_confirm_to_attributes!(html_options, confirm) if confirm
+          add_method_to_attributes!(html_options, method)   if method
+
+          html_options["data-url"] = options[:url] if options.is_a?(Hash) && options[:url]
+
+          html_options
         end
 
-        def popup_javascript_function(popup)
-          popup.is_a?(Array) ? "window.open(this.href,'#{popup.first}','#{popup.last}');" : "window.open(this.href);"
+        def add_confirm_to_attributes!(html_options, confirm)
+          html_options["data-confirm"] = confirm if confirm
         end
 
-        def method_javascript_function(method, url = '', href = nil)
-          action = (href && url.size > 0) ? "'#{url}'" : 'this.href'
-          submit_function =
-            "var f = document.createElement('form'); f.style.display = 'none'; " +
-            "this.parentNode.appendChild(f); f.method = 'POST'; f.action = #{action};"
+        def add_method_to_attributes!(html_options, method)
+          html_options["rel"] = "nofollow" if method && method.to_s.downcase != "get"
+          html_options["data-method"] = method if method
+        end
 
-          unless method == :post
-            submit_function << "var m = document.createElement('input'); m.setAttribute('type', 'hidden'); "
-            submit_function << "m.setAttribute('name', '_method'); m.setAttribute('value', '#{method}'); f.appendChild(m);"
+        def options_for_javascript(options)
+          if options.empty?
+            '{}'
+          else
+            "{#{options.keys.map { |k| "#{k}:#{options[k]}" }.sort.join(', ')}}"
           end
+        end
 
-          if protect_against_forgery?
-            submit_function << "var s = document.createElement('input'); s.setAttribute('type', 'hidden'); "
-            submit_function << "s.setAttribute('name', '#{request_forgery_protection_token}'); s.setAttribute('value', '#{escape_javascript form_authenticity_token}'); f.appendChild(s);"
+        def array_or_string_for_javascript(option)
+          if option.kind_of?(Array)
+            "['#{option.join('\',\'')}']"
+          elsif !option.nil?
+            "'#{option}'"
           end
-          submit_function << "f.submit();"
         end
 
-        # Processes the _html_options_ hash, converting the boolean
+        # Processes the +html_options+ hash, converting the boolean
         # attributes from true/false form into the form required by
         # HTML/XHTML.  (An attribute is considered to be boolean if
-        # its name is listed in the given _bool_attrs_ array.)
+        # its name is listed in the given +bool_attrs+ array.)
         #
-        # More specifically, for each boolean attribute in _html_options_
+        # More specifically, for each boolean attribute in +html_options+
         # given as:
         #
-        #     "attr" => bool_value
+        #   "attr" => bool_value
         #
-        # if the associated _bool_value_ evaluates to true, it is
+        # if the associated +bool_value+ evaluates to true, it is
         # replaced with the attribute's name; otherwise the attribute is
-        # removed from the _html_options_ hash.  (See the XHTML 1.0 spec,
+        # removed from the +html_options+ hash.  (See the XHTML 1.0 spec,
         # section 4.5 "Attribute Minimization" for more:
         # http://www.w3.org/TR/xhtml1/#h-4.5)
         #
-        # Returns the updated _html_options_ hash, which is also modified
+        # Returns the updated +html_options+ hash, which is also modified
         # in place.
         #
         # Example: