Functional tests now work properly, bearing in mind whether a user is logged in or...
[depot.git] / vendor / rails / actionpack / lib / action_view / helpers / url_helper.rb
1 require 'action_view/helpers/javascript_helper'
2
3 module ActionView
4 module Helpers #:nodoc:
5 # Provides a set of methods for making links and getting URLs that
6 # depend on the routing subsystem (see ActionController::Routing).
7 # This allows you to use the same format for links in views
8 # and controllers.
9 module UrlHelper
10 include JavaScriptHelper
11
12 # Returns the URL for the set of +options+ provided. This takes the
13 # same options as +url_for+ in Action Controller (see the
14 # documentation for ActionController::Base#url_for). Note that by default
15 # <tt>:only_path</tt> is <tt>true</tt> so you'll get the relative /controller/action
16 # instead of the fully qualified URL like http://example.com/controller/action.
17 #
18 # When called from a view, url_for returns an HTML escaped url. If you
19 # need an unescaped url, pass <tt>:escape => false</tt> in the +options+.
20 #
21 # ==== Options
22 # * <tt>:anchor</tt> - Specifies the anchor name to be appended to the path.
23 # * <tt>:only_path</tt> - If true, returns the relative URL (omitting the protocol, host name, and port) (<tt>true</tt> by default unless <tt>:host</tt> is specified).
24 # * <tt>:trailing_slash</tt> - If true, adds a trailing slash, as in "/archive/2005/". Note that this
25 # is currently not recommended since it breaks caching.
26 # * <tt>:host</tt> - Overrides the default (current) host if provided.
27 # * <tt>:protocol</tt> - Overrides the default (current) protocol if provided.
28 # * <tt>:user</tt> - Inline HTTP authentication (only plucked out if <tt>:password</tt> is also present).
29 # * <tt>:password</tt> - Inline HTTP authentication (only plucked out if <tt>:user</tt> is also present).
30 # * <tt>:escape</tt> - Determines whether the returned URL will be HTML escaped or not (<tt>true</tt> by default).
31 #
32 # ==== Relying on named routes
33 #
34 # If you instead of a hash pass a record (like an Active Record or Active Resource) as the options parameter,
35 # you'll trigger the named route for that record. The lookup will happen on the name of the class. So passing
36 # a Workshop object will attempt to use the workshop_path route. If you have a nested route, such as
37 # admin_workshop_path you'll have to call that explicitly (it's impossible for url_for to guess that route).
38 #
39 # ==== Examples
40 # <%= url_for(:action => 'index') %>
41 # # => /blog/
42 #
43 # <%= url_for(:action => 'find', :controller => 'books') %>
44 # # => /books/find
45 #
46 # <%= url_for(:action => 'login', :controller => 'members', :only_path => false, :protocol => 'https') %>
47 # # => https://www.railsapplication.com/members/login/
48 #
49 # <%= url_for(:action => 'play', :anchor => 'player') %>
50 # # => /messages/play/#player
51 #
52 # <%= url_for(:action => 'checkout', :anchor => 'tax&ship') %>
53 # # => /testing/jump/#tax&amp;ship
54 #
55 # <%= url_for(:action => 'checkout', :anchor => 'tax&ship', :escape => false) %>
56 # # => /testing/jump/#tax&ship
57 #
58 # <%= url_for(Workshop.new) %>
59 # # relies on Workshop answering a new_record? call (and in this case returning true)
60 # # => /workshops
61 #
62 # <%= url_for(@workshop) %>
63 # # calls @workshop.to_s
64 # # => /workshops/5
65 #
66 # <%= url_for("http://www.example.com") %>
67 # # => http://www.example.com
68 #
69 # <%= url_for(:back) %>
70 # # if request.env["HTTP_REFERER"] is set to "http://www.example.com"
71 # # => http://www.example.com
72 #
73 # <%= url_for(:back) %>
74 # # if request.env["HTTP_REFERER"] is not set or is blank
75 # # => javascript:history.back()
76 def url_for(options = {})
77 options ||= {}
78 url = case options
79 when String
80 escape = true
81 options
82 when Hash
83 options = { :only_path => options[:host].nil? }.update(options.symbolize_keys)
84 escape = options.key?(:escape) ? options.delete(:escape) : true
85 @controller.send(:url_for, options)
86 when :back
87 escape = false
88 @controller.request.env["HTTP_REFERER"] || 'javascript:history.back()'
89 else
90 escape = false
91 polymorphic_path(options)
92 end
93
94 escape ? escape_once(url) : url
95 end
96
97 # Creates a link tag of the given +name+ using a URL created by the set
98 # of +options+. See the valid options in the documentation for
99 # url_for. It's also possible to pass a string instead
100 # of an options hash to get a link tag that uses the value of the string as the
101 # href for the link, or use <tt>:back</tt> to link to the referrer - a JavaScript back
102 # link will be used in place of a referrer if none exists. If nil is passed as
103 # a name, the link itself will become the name.
104 #
105 # ==== Signatures
106 #
107 # link_to(name, options = {}, html_options = nil)
108 # link_to(options = {}, html_options = nil) do
109 # # name
110 # end
111 #
112 # ==== Options
113 # * <tt>:confirm => 'question?'</tt> - This will add a JavaScript confirm
114 # prompt with the question specified. If the user accepts, the link is
115 # processed normally, otherwise no action is taken.
116 # * <tt>:popup => true || array of window options</tt> - This will force the
117 # link to open in a popup window. By passing true, a default browser window
118 # will be opened with the URL. You can also specify an array of options
119 # that are passed-thru to JavaScripts window.open method.
120 # * <tt>:method => symbol of HTTP verb</tt> - This modifier will dynamically
121 # create an HTML form and immediately submit the form for processing using
122 # the HTTP verb specified. Useful for having links perform a POST operation
123 # in dangerous actions like deleting a record (which search bots can follow
124 # while spidering your site). Supported verbs are <tt>:post</tt>, <tt>:delete</tt> and <tt>:put</tt>.
125 # Note that if the user has JavaScript disabled, the request will fall back
126 # to using GET. If you are relying on the POST behavior, you should check
127 # for it in your controller's action by using the request object's methods
128 # for <tt>post?</tt>, <tt>delete?</tt> or <tt>put?</tt>.
129 # * The +html_options+ will accept a hash of html attributes for the link tag.
130 #
131 # Note that if the user has JavaScript disabled, the request will fall back
132 # to using GET. If <tt>:href => '#'</tt> is used and the user has JavaScript disabled
133 # clicking the link will have no effect. If you are relying on the POST
134 # behavior, your should check for it in your controller's action by using the
135 # request object's methods for <tt>post?</tt>, <tt>delete?</tt> or <tt>put?</tt>.
136 #
137 # You can mix and match the +html_options+ with the exception of
138 # <tt>:popup</tt> and <tt>:method</tt> which will raise an ActionView::ActionViewError
139 # exception.
140 #
141 # ==== Examples
142 # Because it relies on +url_for+, +link_to+ supports both older-style controller/action/id arguments
143 # and newer RESTful routes. Current Rails style favors RESTful routes whenever possible, so base
144 # your application on resources and use
145 #
146 # link_to "Profile", profile_path(@profile)
147 # # => <a href="/profiles/1">Profile</a>
148 #
149 # or the even pithier
150 #
151 # link_to "Profile", @profile
152 # # => <a href="/profiles/1">Profile</a>
153 #
154 # in place of the older more verbose, non-resource-oriented
155 #
156 # link_to "Profile", :controller => "profiles", :action => "show", :id => @profile
157 # # => <a href="/profiles/show/1">Profile</a>
158 #
159 # Similarly,
160 #
161 # link_to "Profiles", profiles_path
162 # # => <a href="/profiles">Profiles</a>
163 #
164 # is better than
165 #
166 # link_to "Profiles", :controller => "profiles"
167 # # => <a href="/profiles">Profiles</a>
168 #
169 # You can use a block as well if your link target is hard to fit into the name parameter. ERb example:
170 #
171 # <% link_to(@profile) do %>
172 # <strong><%= @profile.name %></strong> -- <span>Check it out!!</span>
173 # <% end %>
174 # # => <a href="/profiles/1"><strong>David</strong> -- <span>Check it out!!</span></a>
175 #
176 # Classes and ids for CSS are easy to produce:
177 #
178 # link_to "Articles", articles_path, :id => "news", :class => "article"
179 # # => <a href="/articles" class="article" id="news">Articles</a>
180 #
181 # Be careful when using the older argument style, as an extra literal hash is needed:
182 #
183 # link_to "Articles", { :controller => "articles" }, :id => "news", :class => "article"
184 # # => <a href="/articles" class="article" id="news">Articles</a>
185 #
186 # Leaving the hash off gives the wrong link:
187 #
188 # link_to "WRONG!", :controller => "articles", :id => "news", :class => "article"
189 # # => <a href="/articles/index/news?class=article">WRONG!</a>
190 #
191 # +link_to+ can also produce links with anchors or query strings:
192 #
193 # link_to "Comment wall", profile_path(@profile, :anchor => "wall")
194 # # => <a href="/profiles/1#wall">Comment wall</a>
195 #
196 # link_to "Ruby on Rails search", :controller => "searches", :query => "ruby on rails"
197 # # => <a href="/searches?query=ruby+on+rails">Ruby on Rails search</a>
198 #
199 # link_to "Nonsense search", searches_path(:foo => "bar", :baz => "quux")
200 # # => <a href="/searches?foo=bar&amp;baz=quux">Nonsense search</a>
201 #
202 # The three options specific to +link_to+ (<tt>:confirm</tt>, <tt>:popup</tt>, and <tt>:method</tt>) are used as follows:
203 #
204 # link_to "Visit Other Site", "http://www.rubyonrails.org/", :confirm => "Are you sure?"
205 # # => <a href="http://www.rubyonrails.org/" onclick="return confirm('Are you sure?');">Visit Other Site</a>
206 #
207 # link_to "Help", { :action => "help" }, :popup => true
208 # # => <a href="/testing/help/" onclick="window.open(this.href);return false;">Help</a>
209 #
210 # link_to "View Image", @image, :popup => ['new_window_name', 'height=300,width=600']
211 # # => <a href="/images/9" onclick="window.open(this.href,'new_window_name','height=300,width=600');return false;">View Image</a>
212 #
213 # link_to "Delete Image", @image, :confirm => "Are you sure?", :method => :delete
214 # # => <a href="/images/9" onclick="if (confirm('Are you sure?')) { var f = document.createElement('form');
215 # f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;
216 # var m = document.createElement('input'); m.setAttribute('type', 'hidden'); m.setAttribute('name', '_method');
217 # m.setAttribute('value', 'delete'); f.appendChild(m);f.submit(); };return false;">Delete Image</a>
218 def link_to(*args, &block)
219 if block_given?
220 options = args.first || {}
221 html_options = args.second
222 concat(link_to(capture(&block), options, html_options))
223 else
224 name = args.first
225 options = args.second || {}
226 html_options = args.third
227
228 url = url_for(options)
229
230 if html_options
231 html_options = html_options.stringify_keys
232 href = html_options['href']
233 convert_options_to_javascript!(html_options, url)
234 tag_options = tag_options(html_options)
235 else
236 tag_options = nil
237 end
238
239 href_attr = "href=\"#{url}\"" unless href
240 "<a #{href_attr}#{tag_options}>#{name || url}</a>"
241 end
242 end
243
244 # Generates a form containing a single button that submits to the URL created
245 # by the set of +options+. This is the safest method to ensure links that
246 # cause changes to your data are not triggered by search bots or accelerators.
247 # If the HTML button does not work with your layout, you can also consider
248 # using the link_to method with the <tt>:method</tt> modifier as described in
249 # the link_to documentation.
250 #
251 # The generated FORM element has a class name of <tt>button-to</tt>
252 # to allow styling of the form itself and its children. You can control
253 # the form submission and input element behavior using +html_options+.
254 # This method accepts the <tt>:method</tt> and <tt>:confirm</tt> modifiers
255 # described in the link_to documentation. If no <tt>:method</tt> modifier
256 # is given, it will default to performing a POST operation. You can also
257 # disable the button by passing <tt>:disabled => true</tt> in +html_options+.
258 # If you are using RESTful routes, you can pass the <tt>:method</tt>
259 # to change the HTTP verb used to submit the form.
260 #
261 # ==== Options
262 # The +options+ hash accepts the same options at url_for.
263 #
264 # There are a few special +html_options+:
265 # * <tt>:method</tt> - Specifies the anchor name to be appended to the path.
266 # * <tt>:disabled</tt> - Specifies the anchor name to be appended to the path.
267 # * <tt>:confirm</tt> - This will add a JavaScript confirm
268 # prompt with the question specified. If the user accepts, the link is
269 # processed normally, otherwise no action is taken.
270 #
271 # ==== Examples
272 # <%= button_to "New", :action => "new" %>
273 # # => "<form method="post" action="/controller/new" class="button-to">
274 # # <div><input value="New" type="submit" /></div>
275 # # </form>"
276 #
277 # button_to "Delete Image", { :action => "delete", :id => @image.id },
278 # :confirm => "Are you sure?", :method => :delete
279 # # => "<form method="post" action="/images/delete/1" class="button-to">
280 # # <div>
281 # # <input type="hidden" name="_method" value="delete" />
282 # # <input onclick="return confirm('Are you sure?');"
283 # # value="Delete" type="submit" />
284 # # </div>
285 # # </form>"
286 def button_to(name, options = {}, html_options = {})
287 html_options = html_options.stringify_keys
288 convert_boolean_attributes!(html_options, %w( disabled ))
289
290 method_tag = ''
291 if (method = html_options.delete('method')) && %w{put delete}.include?(method.to_s)
292 method_tag = tag('input', :type => 'hidden', :name => '_method', :value => method.to_s)
293 end
294
295 form_method = method.to_s == 'get' ? 'get' : 'post'
296
297 request_token_tag = ''
298 if form_method == 'post' && protect_against_forgery?
299 request_token_tag = tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => form_authenticity_token)
300 end
301
302 if confirm = html_options.delete("confirm")
303 html_options["onclick"] = "return #{confirm_javascript_function(confirm)};"
304 end
305
306 url = options.is_a?(String) ? options : self.url_for(options)
307 name ||= url
308
309 html_options.merge!("type" => "submit", "value" => name)
310
311 "<form method=\"#{form_method}\" action=\"#{escape_once url}\" class=\"button-to\"><div>" +
312 method_tag + tag("input", html_options) + request_token_tag + "</div></form>"
313 end
314
315
316 # Creates a link tag of the given +name+ using a URL created by the set of
317 # +options+ unless the current request URI is the same as the links, in
318 # which case only the name is returned (or the given block is yielded, if
319 # one exists). You can give link_to_unless_current a block which will
320 # specialize the default behavior (e.g., show a "Start Here" link rather
321 # than the link's text).
322 #
323 # ==== Examples
324 # Let's say you have a navigation menu...
325 #
326 # <ul id="navbar">
327 # <li><%= link_to_unless_current("Home", { :action => "index" }) %></li>
328 # <li><%= link_to_unless_current("About Us", { :action => "about" }) %></li>
329 # </ul>
330 #
331 # If in the "about" action, it will render...
332 #
333 # <ul id="navbar">
334 # <li><a href="/controller/index">Home</a></li>
335 # <li>About Us</li>
336 # </ul>
337 #
338 # ...but if in the "index" action, it will render:
339 #
340 # <ul id="navbar">
341 # <li>Home</li>
342 # <li><a href="/controller/about">About Us</a></li>
343 # </ul>
344 #
345 # The implicit block given to link_to_unless_current is evaluated if the current
346 # action is the action given. So, if we had a comments page and wanted to render a
347 # "Go Back" link instead of a link to the comments page, we could do something like this...
348 #
349 # <%=
350 # link_to_unless_current("Comment", { :controller => 'comments', :action => 'new}) do
351 # link_to("Go back", { :controller => 'posts', :action => 'index' })
352 # end
353 # %>
354 def link_to_unless_current(name, options = {}, html_options = {}, &block)
355 link_to_unless current_page?(options), name, options, html_options, &block
356 end
357
358 # Creates a link tag of the given +name+ using a URL created by the set of
359 # +options+ unless +condition+ is true, in which case only the name is
360 # returned. To specialize the default behavior (i.e., show a login link rather
361 # than just the plaintext link text), you can pass a block that
362 # accepts the name or the full argument list for link_to_unless.
363 #
364 # ==== Examples
365 # <%= link_to_unless(@current_user.nil?, "Reply", { :action => "reply" }) %>
366 # # If the user is logged in...
367 # # => <a href="/controller/reply/">Reply</a>
368 #
369 # <%=
370 # link_to_unless(@current_user.nil?, "Reply", { :action => "reply" }) do |name|
371 # link_to(name, { :controller => "accounts", :action => "signup" })
372 # end
373 # %>
374 # # If the user is logged in...
375 # # => <a href="/controller/reply/">Reply</a>
376 # # If not...
377 # # => <a href="/accounts/signup">Reply</a>
378 def link_to_unless(condition, name, options = {}, html_options = {}, &block)
379 if condition
380 if block_given?
381 block.arity <= 1 ? yield(name) : yield(name, options, html_options)
382 else
383 name
384 end
385 else
386 link_to(name, options, html_options)
387 end
388 end
389
390 # Creates a link tag of the given +name+ using a URL created by the set of
391 # +options+ if +condition+ is true, in which case only the name is
392 # returned. To specialize the default behavior, you can pass a block that
393 # accepts the name or the full argument list for link_to_unless (see the examples
394 # in link_to_unless).
395 #
396 # ==== Examples
397 # <%= link_to_if(@current_user.nil?, "Login", { :controller => "sessions", :action => "new" }) %>
398 # # If the user isn't logged in...
399 # # => <a href="/sessions/new/">Login</a>
400 #
401 # <%=
402 # link_to_if(@current_user.nil?, "Login", { :controller => "sessions", :action => "new" }) do
403 # link_to(@current_user.login, { :controller => "accounts", :action => "show", :id => @current_user })
404 # end
405 # %>
406 # # If the user isn't logged in...
407 # # => <a href="/sessions/new/">Login</a>
408 # # If they are logged in...
409 # # => <a href="/accounts/show/3">my_username</a>
410 def link_to_if(condition, name, options = {}, html_options = {}, &block)
411 link_to_unless !condition, name, options, html_options, &block
412 end
413
414 # Creates a mailto link tag to the specified +email_address+, which is
415 # also used as the name of the link unless +name+ is specified. Additional
416 # HTML attributes for the link can be passed in +html_options+.
417 #
418 # mail_to has several methods for hindering email harvesters and customizing
419 # the email itself by passing special keys to +html_options+.
420 #
421 # ==== Options
422 # * <tt>:encode</tt> - This key will accept the strings "javascript" or "hex".
423 # Passing "javascript" will dynamically create and encode the mailto: link then
424 # eval it into the DOM of the page. This method will not show the link on
425 # the page if the user has JavaScript disabled. Passing "hex" will hex
426 # encode the +email_address+ before outputting the mailto: link.
427 # * <tt>:replace_at</tt> - When the link +name+ isn't provided, the
428 # +email_address+ is used for the link label. You can use this option to
429 # obfuscate the +email_address+ by substituting the @ sign with the string
430 # given as the value.
431 # * <tt>:replace_dot</tt> - When the link +name+ isn't provided, the
432 # +email_address+ is used for the link label. You can use this option to
433 # obfuscate the +email_address+ by substituting the . in the email with the
434 # string given as the value.
435 # * <tt>:subject</tt> - Preset the subject line of the email.
436 # * <tt>:body</tt> - Preset the body of the email.
437 # * <tt>:cc</tt> - Carbon Copy addition recipients on the email.
438 # * <tt>:bcc</tt> - Blind Carbon Copy additional recipients on the email.
439 #
440 # ==== Examples
441 # mail_to "me@domain.com"
442 # # => <a href="mailto:me@domain.com">me@domain.com</a>
443 #
444 # mail_to "me@domain.com", "My email", :encode => "javascript"
445 # # => <script type="text/javascript">eval(decodeURIComponent('%64%6f%63...%27%29%3b'))</script>
446 #
447 # mail_to "me@domain.com", "My email", :encode => "hex"
448 # # => <a href="mailto:%6d%65@%64%6f%6d%61%69%6e.%63%6f%6d">My email</a>
449 #
450 # mail_to "me@domain.com", nil, :replace_at => "_at_", :replace_dot => "_dot_", :class => "email"
451 # # => <a href="mailto:me@domain.com" class="email">me_at_domain_dot_com</a>
452 #
453 # mail_to "me@domain.com", "My email", :cc => "ccaddress@domain.com",
454 # :subject => "This is an example email"
455 # # => <a href="mailto:me@domain.com?cc=ccaddress@domain.com&subject=This%20is%20an%20example%20email">My email</a>
456 def mail_to(email_address, name = nil, html_options = {})
457 html_options = html_options.stringify_keys
458 encode = html_options.delete("encode").to_s
459 cc, bcc, subject, body = html_options.delete("cc"), html_options.delete("bcc"), html_options.delete("subject"), html_options.delete("body")
460
461 string = ''
462 extras = ''
463 extras << "cc=#{CGI.escape(cc).gsub("+", "%20")}&" unless cc.nil?
464 extras << "bcc=#{CGI.escape(bcc).gsub("+", "%20")}&" unless bcc.nil?
465 extras << "body=#{CGI.escape(body).gsub("+", "%20")}&" unless body.nil?
466 extras << "subject=#{CGI.escape(subject).gsub("+", "%20")}&" unless subject.nil?
467 extras = "?" << extras.gsub!(/&?$/,"") unless extras.empty?
468
469 email_address = email_address.to_s
470
471 email_address_obfuscated = email_address.dup
472 email_address_obfuscated.gsub!(/@/, html_options.delete("replace_at")) if html_options.has_key?("replace_at")
473 email_address_obfuscated.gsub!(/\./, html_options.delete("replace_dot")) if html_options.has_key?("replace_dot")
474
475 if encode == "javascript"
476 "document.write('#{content_tag("a", name || email_address_obfuscated, html_options.merge({ "href" => "mailto:"+email_address+extras }))}');".each_byte do |c|
477 string << sprintf("%%%x", c)
478 end
479 "<script type=\"#{Mime::JS}\">eval(decodeURIComponent('#{string}'))</script>"
480 elsif encode == "hex"
481 email_address_encoded = ''
482 email_address_obfuscated.each_byte do |c|
483 email_address_encoded << sprintf("&#%d;", c)
484 end
485
486 protocol = 'mailto:'
487 protocol.each_byte { |c| string << sprintf("&#%d;", c) }
488
489 email_address.each_byte do |c|
490 char = c.chr
491 string << (char =~ /\w/ ? sprintf("%%%x", c) : char)
492 end
493 content_tag "a", name || email_address_encoded, html_options.merge({ "href" => "#{string}#{extras}" })
494 else
495 content_tag "a", name || email_address_obfuscated, html_options.merge({ "href" => "mailto:#{email_address}#{extras}" })
496 end
497 end
498
499 # True if the current request URI was generated by the given +options+.
500 #
501 # ==== Examples
502 # Let's say we're in the <tt>/shop/checkout?order=desc</tt> action.
503 #
504 # current_page?(:action => 'process')
505 # # => false
506 #
507 # current_page?(:controller => 'shop', :action => 'checkout')
508 # # => true
509 #
510 # current_page?(:controller => 'shop', :action => 'checkout', :order => 'asc)
511 # # => false
512 #
513 # current_page?(:action => 'checkout')
514 # # => true
515 #
516 # current_page?(:controller => 'library', :action => 'checkout')
517 # # => false
518 def current_page?(options)
519 url_string = CGI.escapeHTML(url_for(options))
520 request = @controller.request
521 # We ignore any extra parameters in the request_uri if the
522 # submitted url doesn't have any either. This lets the function
523 # work with things like ?order=asc
524 if url_string.index("?")
525 request_uri = request.request_uri
526 else
527 request_uri = request.request_uri.split('?').first
528 end
529 if url_string =~ /^\w+:\/\//
530 url_string == "#{request.protocol}#{request.host_with_port}#{request_uri}"
531 else
532 url_string == request_uri
533 end
534 end
535
536 private
537 def convert_options_to_javascript!(html_options, url = '')
538 confirm, popup = html_options.delete("confirm"), html_options.delete("popup")
539
540 method, href = html_options.delete("method"), html_options['href']
541
542 html_options["onclick"] = case
543 when popup && method
544 raise ActionView::ActionViewError, "You can't use :popup and :method in the same link"
545 when confirm && popup
546 "if (#{confirm_javascript_function(confirm)}) { #{popup_javascript_function(popup)} };return false;"
547 when confirm && method
548 "if (#{confirm_javascript_function(confirm)}) { #{method_javascript_function(method)} };return false;"
549 when confirm
550 "return #{confirm_javascript_function(confirm)};"
551 when method
552 "#{method_javascript_function(method, url, href)}return false;"
553 when popup
554 "#{popup_javascript_function(popup)}return false;"
555 else
556 html_options["onclick"]
557 end
558 end
559
560 def confirm_javascript_function(confirm)
561 "confirm('#{escape_javascript(confirm)}')"
562 end
563
564 def popup_javascript_function(popup)
565 popup.is_a?(Array) ? "window.open(this.href,'#{popup.first}','#{popup.last}');" : "window.open(this.href);"
566 end
567
568 def method_javascript_function(method, url = '', href = nil)
569 action = (href && url.size > 0) ? "'#{url}'" : 'this.href'
570 submit_function =
571 "var f = document.createElement('form'); f.style.display = 'none'; " +
572 "this.parentNode.appendChild(f); f.method = 'POST'; f.action = #{action};"
573
574 unless method == :post
575 submit_function << "var m = document.createElement('input'); m.setAttribute('type', 'hidden'); "
576 submit_function << "m.setAttribute('name', '_method'); m.setAttribute('value', '#{method}'); f.appendChild(m);"
577 end
578
579 if protect_against_forgery?
580 submit_function << "var s = document.createElement('input'); s.setAttribute('type', 'hidden'); "
581 submit_function << "s.setAttribute('name', '#{request_forgery_protection_token}'); s.setAttribute('value', '#{escape_javascript form_authenticity_token}'); f.appendChild(s);"
582 end
583 submit_function << "f.submit();"
584 end
585
586 # Processes the _html_options_ hash, converting the boolean
587 # attributes from true/false form into the form required by
588 # HTML/XHTML. (An attribute is considered to be boolean if
589 # its name is listed in the given _bool_attrs_ array.)
590 #
591 # More specifically, for each boolean attribute in _html_options_
592 # given as:
593 #
594 # "attr" => bool_value
595 #
596 # if the associated _bool_value_ evaluates to true, it is
597 # replaced with the attribute's name; otherwise the attribute is
598 # removed from the _html_options_ hash. (See the XHTML 1.0 spec,
599 # section 4.5 "Attribute Minimization" for more:
600 # http://www.w3.org/TR/xhtml1/#h-4.5)
601 #
602 # Returns the updated _html_options_ hash, which is also modified
603 # in place.
604 #
605 # Example:
606 #
607 # convert_boolean_attributes!( html_options,
608 # %w( checked disabled readonly ) )
609 def convert_boolean_attributes!(html_options, bool_attrs)
610 bool_attrs.each { |x| html_options[x] = x if html_options.delete(x) }
611 html_options
612 end
613 end
614 end
615 end