Making escaped things more readable

beeb0207 · Santiago Pastorino · wycats · 3da9a08a · beeb0207 · beeb0207
3 changed file
--- a/actionpack/lib/action_view/helpers/active_model_helper.rb
+++ b/actionpack/lib/action_view/helpers/active_model_helper.rb
@@ -129,7 +129,7 @@ def error_message_on(object, method, *args)
        if (obj = (object.respond_to?(:errors) ? object : instance_variable_get("@#{object}"))) &&
          (errors = obj.errors[method])
          content_tag("div",
-            (options[:prepend_text].html_safe << errors.first).safe_concat(options[:append_text]),
+            "#{options[:prepend_text]}#{ERB::Util.h(errors.first)}#{options[:append_text]}".html_safe,
            :class => options[:css_class]
          )
        else

--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -109,7 +109,7 @@ def escape_once(html)

        def content_tag_string(name, content, options, escape = true)
          tag_options = tag_options(options, escape) if options
-          ("<#{name}#{tag_options}>".html_safe << content.to_s).safe_concat("</#{name}>")
+          "<#{name}#{tag_options}>#{ERB::Util.h(content)}</#{name}>".html_safe
        end

        def tag_options(options, escape = true)

--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -224,7 +224,7 @@ def link_to(*args, &block)
          end

          href_attr = "href=\"#{url}\"" unless href
-          ("<a #{href_attr}#{tag_options}>".html_safe << (name || url)).safe_concat("</a>")
+          "<a #{href_attr}#{tag_options}>#{ERB::Util.h(name || url)}</a>".html_safe
        end
      end