-
Sean Doyle authored
Prior to this commit, chaining more than one `token_list` calls with a [data-action][] attribute value would result in one too many HTML escapes. Additional subsequent calls would compound the problem. For example, the following calls would result in an invalid descriptor that's escaped too many times to be parsed. ```ruby first = "click->controller#action1" second = "click->controller#action2" third = "click->controller#action3" fourth = "click->controller#action4" value = token_list(first, token_list(second, token_list(third))) CGI.unescape_html value.to_s # => "click->controller#action1 click->controller#action2 click->controller#action3 click->controller#action4" ``` By [CGI.unescape_html][] each `String` value before passing it to [token_list][] (which re-escapes the value), we can preserve a lossless concatenation process while also preserving the HTML safety. After this commit, the previous example works as expected: ```ruby first = "click->controller#action1" second = "click->controller#action2" third = "click->controller#action3" fourth = "click->controller#action4" value = token_list(first, token_list(second, token_list(third))) CGI.unescape_html value.to_s # => "click->controller#action1 click->controller#action2 click->controller#action3 click->controller#action4" ``` [unescaping]: https://ruby-doc.org/stdlib-2.5.3/libdoc/cgi/rdoc/CGI/Util.html#method-i-unescape_html [token_list]: https://edgeapi.rubyonrails.org/classes/ActionView/Helpers/TagHelper.html#method-i-token_list [data-action]: https://stimulus.hotwired.dev/reference/actions
Sean Doyle authoredPrior to this commit, chaining more than one `token_list` calls with a [data-action][] attribute value would result in one too many HTML escapes. Additional subsequent calls would compound the problem. For example, the following calls would result in an invalid descriptor that's escaped too many times to be parsed. ```ruby first = "click->controller#action1" second = "click->controller#action2" third = "click->controller#action3" fourth = "click->controller#action4" value = token_list(first, token_list(second, token_list(third))) CGI.unescape_html value.to_s # => "click->controller#action1 click->controller#action2 click->controller#action3 click->controller#action4" ``` By [CGI.unescape_html][] each `String` value before passing it to [token_list][] (which re-escapes the value), we can preserve a lossless concatenation process while also preserving the HTML safety. After this commit, the previous example works as expected: ```ruby first = "click->controller#action1" second = "click->controller#action2" third = "click->controller#action3" fourth = "click->controller#action4" value = token_list(first, token_list(second, token_list(third))) CGI.unescape_html value.to_s # => "click->controller#action1 click->controller#action2 click->controller#action3 click->controller#action4" ``` [unescaping]: https://ruby-doc.org/stdlib-2.5.3/libdoc/cgi/rdoc/CGI/Util.html#method-i-unescape_html [token_list]: https://edgeapi.rubyonrails.org/classes/ActionView/Helpers/TagHelper.html#method-i-token_list [data-action]: https://stimulus.hotwired.dev/reference/actions
Loading