actionpack 3.0.0.beta3 → 3.0.0.beta4

data/lib/action_view/helpers/form_helper.rb

@@ -573,8 +573,19 @@ module ActionView
       #   label(:post, :privacy, "Public Post", :value => "public")
       #   # => <label for="post_privacy_public">Public Post</label>
       #
-      def label(object_name, method, text = nil, options = {})
-        InstanceTag.new(object_name, method, self, options.delete(:object)).to_label_tag(text, options)
+      #   label(:post, :terms) do
+      #     'Accept <a href="/terms">Terms</a>.'
+      #   end
+      def label(object_name, method, content_or_options = nil, options = nil, &block)
+        if block_given?
+          options = content_or_options if content_or_options.is_a?(Hash)
+          text = nil
+        else
+          text = content_or_options
+        end
+
+        options ||= {}
+        InstanceTag.new(object_name, method, self, options.delete(:object)).to_label_tag(text, options, &block)
       end
 
       # Returns an input tag of the "text" type tailored for accessing a specified attribute (identified by +method+) on an object
@@ -823,7 +834,7 @@ module ActionView
 
     module InstanceTagMethods #:nodoc:
       extend ActiveSupport::Concern
-      include Helpers::TagHelper, Helpers::FormTagHelper
+      include Helpers::CaptureHelper, Context, Helpers::TagHelper, Helpers::FormTagHelper
 
       attr_reader :method_name, :object_name
 
@@ -844,28 +855,38 @@ module ActionView
         end
       end
 
-      def to_label_tag(text = nil, options = {})
+      def to_label_tag(text = nil, options = {}, &block)
         options = options.stringify_keys
         tag_value = options.delete("value")
         name_and_id = options.dup
-        name_and_id["id"] = name_and_id["for"]
+
+        if name_and_id["for"]
+          name_and_id["id"] = name_and_id["for"]
+        else
+          name_and_id.delete("id")
+        end
+
         add_default_name_and_id_for_value(tag_value, name_and_id)
         options.delete("index")
         options["for"] ||= name_and_id["id"]
 
-        content = if text.blank?
-          I18n.t("helpers.label.#{object_name}.#{method_name}", :default => "").presence
+        if block_given?
+          label_tag(name_and_id["id"], options, &block)
         else
-          text.to_s
-        end
+          content = if text.blank?
+            I18n.t("helpers.label.#{object_name}.#{method_name}", :default => "").presence
+          else
+            text.to_s
+          end
 
-        content ||= if object && object.class.respond_to?(:human_attribute_name)
-          object.class.human_attribute_name(method_name)
-        end
+          content ||= if object && object.class.respond_to?(:human_attribute_name)
+            object.class.human_attribute_name(method_name)
+          end
 
-        content ||= method_name.humanize
+          content ||= method_name.humanize
 
-        label_tag(name_and_id["id"], content, options)
+          label_tag(name_and_id["id"], content, options)
+        end
       end
 
       def to_input_field_tag(field_type, options = {})
@@ -1012,7 +1033,7 @@ module ActionView
             pretty_tag_value = tag_value.to_s.gsub(/\s/, "_").gsub(/\W/, "").downcase
             specified_id = options["id"]
             add_default_name_and_id(options)
-            options["id"] += "_#{pretty_tag_value}" unless specified_id
+            options["id"] += "_#{pretty_tag_value}" if specified_id.blank? && options["id"].present?
           else
             add_default_name_and_id(options)
           end
@@ -1021,14 +1042,14 @@ module ActionView
         def add_default_name_and_id(options)
           if options.has_key?("index")
             options["name"] ||= tag_name_with_index(options["index"])
-            options["id"]   ||= tag_id_with_index(options["index"])
+            options["id"] = options.fetch("id", tag_id_with_index(options["index"]))
             options.delete("index")
           elsif defined?(@auto_index)
             options["name"] ||= tag_name_with_index(@auto_index)
-            options["id"]   ||= tag_id_with_index(@auto_index)
+            options["id"] = options.fetch("id", tag_id_with_index(@auto_index))
           else
             options["name"] ||= tag_name + (options.has_key?('multiple') ? '[]' : '')
-            options["id"]   ||= tag_id
+            options["id"] = options.fetch("id", tag_id)
           end
         end
 
@@ -1090,7 +1111,7 @@ module ActionView
       end
 
       (field_helpers - %w(label check_box radio_button fields_for hidden_field)).each do |selector|
-        src, line = <<-end_src, __LINE__ + 1
+        class_eval <<-RUBY_EVAL, __FILE__, __LINE__ + 1
           def #{selector}(method, options = {})  # def text_field(method, options = {})
             @template.send(                      #   @template.send(
               #{selector.inspect},               #     "text_field",
@@ -1098,8 +1119,7 @@ module ActionView
               method,                            #     method,
               objectify_options(options))        #     objectify_options(options))
           end                                    # end
-        end_src
-        class_eval src, __FILE__, line
+        RUBY_EVAL
       end
 
       def fields_for(record_or_name_or_array, *args, &block)
@@ -1137,8 +1157,8 @@ module ActionView
         @template.fields_for(name, *args, &block)
       end
 
-      def label(method, text = nil, options = {})
-        @template.label(@object_name, method, text, objectify_options(options))
+      def label(method, text = nil, options = {}, &block)
+        @template.label(@object_name, method, text, objectify_options(options), &block)
       end
 
       def check_box(method, options = {}, checked_value = "1", unchecked_value = "0")
@@ -1165,13 +1185,13 @@ module ActionView
       # submit button label, otherwise, it uses "Update Post".
       #
       # Those labels can be customized using I18n, under the helpers.submit key and accept
-      # the {{model}} as translation interpolation:
+      # the %{model} as translation interpolation:
       #
       #   en:
       #     helpers:
       #       submit:
-      #         create: "Create a {{model}}"
-      #         update: "Confirm changes to {{model}}"
+      #         create: "Create a %{model}"
+      #         update: "Confirm changes to %{model}"
       #
       # It also searches for a key specific for the given object:
       #
@@ -1179,7 +1199,7 @@ module ActionView
       #     helpers:
       #       submit:
       #         post:
-      #           create: "Add {{model}}"
+      #           create: "Add %{model}"
       #
       def submit(value=nil, options={})
         value, options = nil, value if value.is_a?(Hash)

data/lib/action_view/helpers/form_options_helper.rb

@@ -270,6 +270,15 @@ module ActionView
       #   options_for_select([ "VISA", "MasterCard", "Discover" ], ["VISA", "Discover"])
       #     <option selected="selected">VISA</option>\n<option>MasterCard</option>\n<option selected="selected">Discover</option>
       #
+      # You can optionally provide html attributes as the last element of the array.
+      #
+      # Examples:
+      #   options_for_select([ "Denmark", ["USA", {:class=>'bold'}], "Sweden" ], ["USA", "Sweden"])
+      #     <option value="Denmark">Denmark</option>\n<option value="USA" class="bold" selected="selected">USA</option>\n<option value="Sweden" selected="selected">Sweden</option>
+      #
+      #   options_for_select([["Dollar", "$", {:class=>"bold"}], ["Kroner", "DKK", {:onclick => "alert('HI');"}]])
+      #     <option value="$" class="bold">Dollar</option>\n<option value="DKK" onclick="alert('HI');">Kroner</option>
+      #
       # If you wish to specify disabled option tags, set +selected+ to be a hash, with <tt>:disabled</tt> being either a value
       # or array of values to be disabled. In this case, you can use <tt>:selected</tt> to specify selected option tags.
       #
@@ -291,10 +300,11 @@ module ActionView
         selected, disabled = extract_selected_and_disabled(selected)
 
         options_for_select = container.inject([]) do |options, element|
+          html_attributes = option_html_attributes(element)
           text, value = option_text_and_value(element)
           selected_attribute = ' selected="selected"' if option_value_selected?(value, selected)
           disabled_attribute = ' disabled="disabled"' if disabled && option_value_selected?(value, disabled)
-          options << %(<option value="#{html_escape(value.to_s)}"#{selected_attribute}#{disabled_attribute}>#{html_escape(text.to_s)}</option>)
+          options << %(<option value="#{html_escape(value.to_s)}"#{selected_attribute}#{disabled_attribute}#{html_attributes}>#{html_escape(text.to_s)}</option>)
         end
 
         options_for_select.join("\n").html_safe
@@ -444,7 +454,7 @@ module ActionView
           body << content_tag(:optgroup, options_for_select(group[1], selected_key), :label => group[0])
         end
 
-        body
+        body.html_safe
       end
 
       # Returns a string of option tags for pretty much any time zone in the
@@ -486,9 +496,22 @@ module ActionView
       end
 
       private
+        def option_html_attributes(element)
+          return "" unless Array === element
+          html_attributes = []
+          element.select { |e| Hash === e }.reduce({}, :merge).each do |k, v|
+            html_attributes << " #{k}=\"#{html_escape(v.to_s)}\""
+          end
+          html_attributes.join
+        end
+
         def option_text_and_value(option)
           # Options are [text, value] pairs or strings used for both.
-          if !option.is_a?(String) and option.respond_to?(:first) and option.respond_to?(:last)
+          case
+          when Array === option
+            option = option.reject { |e| Hash === e }
+            [option.first, option.last]
+          when !option.is_a?(String) && option.respond_to?(:first) && option.respond_to?(:last)
             [option.first, option.last]
           else
             [option, option]

data/lib/action_view/helpers/form_tag_helper.rb

@@ -142,7 +142,7 @@ module ActionView
         tag :input, { "type" => "text", "name" => name, "id" => sanitize_to_id(name), "value" => value }.update(options.stringify_keys)
       end
 
-      # Creates a label field
+      # Creates a label element. Accepts a block.
       #
       # ==== Options
       # * Creates standard HTML attributes for the tag.
@@ -156,8 +156,12 @@ module ActionView
       #
       #   label_tag 'name', nil, :class => 'small_label'
       #   # => <label for="name" class="small_label">Name</label>
-      def label_tag(name, text = nil, options = {})
-        content_tag :label, text || name.to_s.humanize, { "for" => sanitize_to_id(name) }.update(options.stringify_keys)
+      def label_tag(name = nil, content_or_options = nil, options = nil, &block)
+        options = content_or_options if block_given? && content_or_options.is_a?(Hash)
+        options ||= {}
+        options.stringify_keys!
+        options["for"] = sanitize_to_id(name) unless name.blank? || options.has_key?("for")
+        content_tag :label, content_or_options || name.to_s.humanize, options, &block
       end
 
       # Creates a hidden form input field used to transmit data that would be lost due to HTTP's statelessness or
@@ -289,7 +293,7 @@ module ActionView
         escape = options.key?("escape") ? options.delete("escape") : true
         content = html_escape(content) if escape
 
-        content_tag :textarea, content.html_safe, { "name" => name, "id" => sanitize_to_id(name) }.update(options)
+        content_tag :textarea, content.to_s.html_safe, { "name" => name, "id" => sanitize_to_id(name) }.update(options)
       end
 
       # Creates a check box form input tag.

data/lib/action_view/helpers/number_helper.rb

@@ -13,6 +13,9 @@ module ActionView
     # unchanged if can't be converted into a valid number.
     module NumberHelper
 
+      DEFAULT_CURRENCY_VALUES = { :format => "%u%n", :unit => "$", :separator => ".", :delimiter => ",",
+                                  :precision => 2, :significant => false, :strip_insignificant_zeros => false }
+
       # Raised when argument +number+ param given to the helpers is invalid and
       # the option :raise is set to  +true+.
       class InvalidNumberError < StandardError
@@ -104,9 +107,9 @@ module ActionView
 
         defaults  = I18n.translate(:'number.format', :locale => options[:locale], :default => {})
         currency  = I18n.translate(:'number.currency.format', :locale => options[:locale], :default => {})
-        defaults  = defaults.merge(currency)
 
-        options = options.reverse_merge(defaults)
+        defaults  = DEFAULT_CURRENCY_VALUES.merge(defaults).merge!(currency)
+        options   = defaults.merge!(options)
 
         unit      = options.delete(:unit)
         format    = options.delete(:format)

data/lib/action_view/helpers/prototype_helper.rb

@@ -767,7 +767,7 @@ module ActionView
       end
 
       def grep(variable, pattern, &block)
-        enumerate :grep, :variable => variable, :return => true, :method_args => [pattern], :yield_args => %w(value index), &block
+        enumerate :grep, :variable => variable, :return => true, :method_args => [::ActiveSupport::JSON::Variable.new(pattern.inspect)], :yield_args => %w(value index), &block
       end
 
       def in_groups_of(variable, number, fill_with = nil)

data/lib/action_view/helpers/tag_helper.rb

@@ -110,7 +110,7 @@ module ActionView
 
         def content_tag_string(name, content, options, escape = true)
           tag_options = tag_options(options, escape) if options
-          "<#{name}#{tag_options}>#{ERB::Util.h(content)}</#{name}>".html_safe
+          "<#{name}#{tag_options}>#{escape ? ERB::Util.h(content) : content}</#{name}>".html_safe
         end
 
         def tag_options(options, escape = true)

data/lib/action_view/helpers/text_helper.rb

@@ -1,4 +1,5 @@
 require 'active_support/core_ext/object/blank'
+require 'active_support/core_ext/string/filters'
 require 'action_view/helpers/tag_helper'
 
 module ActionView
@@ -42,28 +43,25 @@ module ActionView
       # ==== Examples
       #
       #   truncate("Once upon a time in a world far far away")
-      #   # => Once upon a time in a world...
+      #   # => "Once upon a time in a world..."
       #
-      #   truncate("Once upon a time in a world far far away", :separator => ' ')
-      #   # => Once upon a time in a world...
+      #   truncate("Once upon a time in a world far far away", :length => 17)
+      #   # => "Once upon a ti..."
       #
-      #   truncate("Once upon a time in a world far far away", :length => 14)
-      #   # => Once upon a...
+      #   truncate("Once upon a time in a world far far away", :lenght => 17, :separator => ' ')
+      #   # => "Once upon a..."
       #
-      #   truncate("And they found that many people were sleeping better.", :length => 25, "(clipped)")
-      #   # => And they found t(clipped)
-      #
-      #   truncate("And they found that many people were sleeping better.", :omission => "... (continued)", :length => 25)
-      #   # => And they f... (continued)
+      #   truncate("And they found that many people were sleeping better.", :length => 25, :omission => '... (continued)')
+      #   # => "And they f... (continued)"
       #
       # You can still use <tt>truncate</tt> with the old API that accepts the
       # +length+ as its optional second and the +ellipsis+ as its
       # optional third parameter:
       #   truncate("Once upon a time in a world far far away", 14)
-      #   # => Once upon a...
+      #   # => "Once upon a..."
       #
       #   truncate("And they found that many people were sleeping better.", 25, "... (continued)")
-      #   # => And they f... (continued)
+      #   # => "And they f... (continued)"
       def truncate(text, *args)
         options = args.extract_options!
         unless args.empty?
@@ -73,14 +71,11 @@ module ActionView
           options[:length] = args[0] || 30
           options[:omission] = args[1] || "..."
         end
-        options.reverse_merge!(:length => 30, :omission => "...")
 
-        if text
-          l = options[:length] - options[:omission].mb_chars.length
-          chars = text.mb_chars
-          stop = options[:separator] ? (chars.rindex(options[:separator].mb_chars, l) || l) : l
-          (chars.length > options[:length] ? chars[0...stop] + options[:omission] : text).to_s
-        end
+        options.reverse_merge!(:length => 30)
+
+        text = sanitize(text) unless text.html_safe? || options[:safe]
+        text.truncate(options.delete(:length), options) if text
       end
 
       # Highlights one or more +phrases+ everywhere in +text+ by inserting it into
@@ -111,6 +106,7 @@ module ActionView
         end
         options.reverse_merge!(:highlighter => '<strong class="highlight">\1</strong>')
 
+        text = sanitize(text) unless text.html_safe? || options[:safe]
         if text.blank? || phrases.blank?
           text
         else
@@ -250,13 +246,14 @@ module ActionView
       #
       def textilize(text, *options)
         options ||= [:hard_breaks]
+        text = sanitize(text) unless text.html_safe? || options.delete(:safe)
 
         if text.blank?
           ""
         else
           textilized = RedCloth.new(text, options)
           textilized.to_html
-        end
+        end.html_safe
       end
 
       # Returns the text with all the Textile codes turned into HTML tags,
@@ -277,8 +274,8 @@ module ActionView
       #
       #   textilize_without_paragraph("Visit the Rails website "here":http://www.rubyonrails.org/.)
       #   # => "Visit the Rails website <a href="http://www.rubyonrails.org/">here</a>."
-      def textilize_without_paragraph(text)
-        textiled = textilize(text)
+      def textilize_without_paragraph(text, *options)
+        textiled = textilize(text, *options)
         if textiled[0..2] == "<p>" then textiled = textiled[3..-1] end
         if textiled[-4..-1] == "</p>" then textiled = textiled[0..-5] end
         return textiled
@@ -301,8 +298,9 @@ module ActionView
       #
       #   markdown('![The ROR logo](http://rubyonrails.com/images/rails.png "Ruby on Rails")')
       #   # => '<p><img src="http://rubyonrails.com/images/rails.png" alt="The ROR logo" title="Ruby on Rails" /></p>'
-      def markdown(text)
-        text.blank? ? "" : BlueCloth.new(text).to_html
+      def markdown(text, *options)
+        text = sanitize(text) unless text.html_safe? || options.delete(:safe)
+        (text.blank? ? "" : BlueCloth.new(text).to_html).html_safe
       end
 
       # Returns +text+ transformed into HTML using simple formatting rules.
@@ -326,14 +324,15 @@ module ActionView
       #
       #   simple_format("Look ma! A class!", :class => 'description')
       #   # => "<p class='description'>Look ma! A class!</p>"
-      def simple_format(text, html_options={})
+      def simple_format(text, html_options={}, options={})
+        text = '' if text.nil?
         start_tag = tag('p', html_options, true)
-        text = h(text)
+        text = sanitize(text) unless text.html_safe? || options[:safe]
         text.gsub!(/\r\n?/, "\n")                    # \r\n and \r -> \n
         text.gsub!(/\n\n+/, "</p>\n\n#{start_tag}")  # 2+ newline  -> paragraph
         text.gsub!(/([^\n]\n)(?=[^\n])/, '\1<br />') # 1 newline   -> br
         text.insert 0, start_tag
-        text.safe_concat("</p>")
+        text.html_safe.safe_concat("</p>")
       end
 
       # Turns all URLs and e-mail addresses into clickable links. The <tt>:link</tt> option
@@ -374,7 +373,7 @@ module ActionView
       #   # => "Welcome to my new blog at <a href=\"http://www.myblog.com/\" target=\"_blank\">http://www.myblog.com</a>.
       #         Please e-mail me at <a href=\"mailto:me@email.com\">me@email.com</a>."
       def auto_link(text, *args, &block)#link = :all, html = {}, &block)
-        return '' if text.blank?
+        return ''.html_safe if text.blank?
 
         options = args.size == 2 ? {} : args.extract_options! # this is necessary because the old auto_link API has a Hash as its last parameter
         unless args.empty?
@@ -384,9 +383,9 @@ module ActionView
         options.reverse_merge!(:link => :all, :html => {})
 
         case options[:link].to_sym
-          when :all                         then auto_link_email_addresses(auto_link_urls(text, options[:html], &block), options[:html], &block)
+          when :all                         then auto_link_email_addresses(auto_link_urls(text, options[:html], options, &block), options[:html], &block)
           when :email_addresses             then auto_link_email_addresses(text, options[:html], &block)
-          when :urls                        then auto_link_urls(text, options[:html], &block)
+          when :urls                        then auto_link_urls(text, options[:html], options, &block)
         end
       end
 
@@ -537,22 +536,26 @@ module ActionView
         end
 
         AUTO_LINK_RE = %r{
-            ( https?:// | www\. )
+            (?: ([\w+.:-]+:)// | www\. )
             [^\s<]+
-          }x unless const_defined?(:AUTO_LINK_RE)
+          }x
+
+        # regexps for determining context, used high-volume
+        AUTO_LINK_CRE = [/<[^>]+$/, /^[^>]*>/, /<a\b.*?>/i, /<\/a>/i]
+
+        AUTO_EMAIL_RE = /[\w.!#\$%+-]+@[\w-]+(?:\.[\w-]+)+/
 
         BRACKETS = { ']' => '[', ')' => '(', '}' => '{' }
 
         # Turns all urls into clickable links.  If a block is given, each url
         # is yielded and the result is used as the link text.
-        def auto_link_urls(text, html_options = {})
+        def auto_link_urls(text, html_options = {}, options = {})
           link_attributes = html_options.stringify_keys
           text.gsub(AUTO_LINK_RE) do
-            href = $&
+            scheme, href = $1, $&
             punctuation = []
-            left, right = $`, $'
-            # detect already linked URLs and URLs in the middle of a tag
-            if left =~ /<[^>]+$/ && right =~ /^[^>]*>/
+            
+            if auto_linked?($`, $')
               # do not change string; URL is already linked
               href
             else
@@ -566,28 +569,34 @@ module ActionView
               end
 
               link_text = block_given?? yield(href) : href
-              href = 'http://' + href unless href =~ %r{^[a-z]+://}i
+              href = 'http://' + href unless scheme
 
-              content_tag(:a, h(link_text), link_attributes.merge('href' => href)) + punctuation.reverse.join('')
+              content_tag(:a, link_text, link_attributes.merge('href' => href), !(options[:safe] || text.html_safe?)) + punctuation.reverse.join('')
             end
-          end
+          end.html_safe
         end
 
         # Turns all email addresses into clickable links.  If a block is given,
         # each email is yielded and the result is used as the link text.
-        def auto_link_email_addresses(text, html_options = {})
-          body = text.dup
-          text.gsub(/([\w\.!#\$%\-+]+@[A-Za-z0-9\-]+(\.[A-Za-z0-9\-]+)+)/) do
-            text = $1
+        def auto_link_email_addresses(text, html_options = {}, options = {})
+          text.gsub(AUTO_EMAIL_RE) do
+            text = $&
 
-            if body.match(/<a\b[^>]*>(.*)(#{Regexp.escape(text)})(.*)<\/a>/)
-              text
+            if auto_linked?($`, $')
+              text.html_safe
             else
               display_text = (block_given?) ? yield(text) : text
+              display_text = sanitize(display_text) unless options[:safe]
               mail_to text, display_text, html_options
             end
           end
         end
+        
+        # Detects already linked context or position in the middle of a tag
+        def auto_linked?(left, right)
+          (left =~ AUTO_LINK_CRE[0] and right =~ AUTO_LINK_CRE[1]) or
+            (left.rindex(AUTO_LINK_CRE[2]) and $' !~ AUTO_LINK_CRE[3])
+        end
     end
   end
 end