... or rather, link text is escaped *only if* first argument is an ActiveRecord object, so as not to break any existing behavior.
Patch updated, and pastie updated: http://pastie.caboo.se/74543 On Jun 28, 3:29 pm, Geoff B <[EMAIL PROTECTED]> wrote: > Good catch on the html escaping. > > I updated the patch so that html escaping happens automatically when > the first argument passed in is not a string. > > So, with <%= link_to @company %> the link text will be automatically > escaped. > > With the standard syntax, you'd need to explicitly escape, as before: < > %= link_to h(@company.name), @company %> > > http://dev.rubyonrails.org/ticket/8794 > > On Jun 28, 2:48 pm, Courtenay <[EMAIL PROTECTED]> wrote: > > > On 6/28/07, Geoff B <[EMAIL PROTECTED]> wrote: > > > > Thanks, Mislav! > > > > I created a pastie of the to_s-oriented patch, so that others could > > > test out the DRY-ed link_to syntax:http://pastie.caboo.se/74452 > > > > With both of these pasties applied, I've been refactoring my link_to > > > calls -- ex: <%= link_to @post %> links to the resource, with the > > > @post.title as the link text -- very nice. > > > Don't you all mean > > > <%= link_to h(@company.name), ... %> > > > Where's the escaping?! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
