Output of *_path not html_safe?

addis_a · September 1, 2014, 9:51pm

From a lengthy discussion on #removed_email_address@domain.invalid, I am wondering
about something. The *_path and *_url methods return plain String
objects,
not an ActiveSupport::SafeBuffer. If something is passed into (say)
link_to
that contains an escapable character, such as & in a query string,
link_to
will escape it.

I haven’t encountered people putting .html_safe on *_path methods
before,
so I didn’t know about this. Is this something well-known? Is it
expected?
My assumption was that it would have been html_safe.

Anyone have any thoughts on this?

Example:

app.glucose_readings_path(:hello => true, :goodbye=> false)
=> “/glucose_readings?goodbye=false&hello=true”

app.glucose_readings_path(:hello => true, :goodbye=> false).class
=> String < Object

foo.link_to “hi”, app.glucose_readings_path(:hello => true, :goodbye=>
false)
=> “<a href=”/glucose_readings?goodbye=false&hello=true">hi"

foo.link_to “hi”, app.glucose_readings_path(:hello => true, :goodbye=>
false).html_safe
=> “<a href=”/glucose_readings?goodbye=false&hello=true">hi"

tamouse_m · September 2, 2014, 4:42pm

On Monday, 1 September 2014 15:50:34 UTC-4, tamouse wrote:

foo.link_to “hi”, app.glucose_readings_path(:hello => true, :goodbye=>
false)
=> “<a href=”/glucose_readings?goodbye=false&hello=true">hi"

This is the correct way to format links with & in them. Browsers
tolerate
the un-escaped version, but it’s not technically valid HTML…

–Matt J.

tamouse_m · September 4, 2014, 5:14am

On Tue, Sep 2, 2014 at 9:40 AM, Matt J. [email protected] wrote:

My assumption was that it would have been html_safe.

foo.link_to “hi”, app.glucose_readings_path(:hello => true,
:goodbye=> false)
=> “<a href="/glucose_readings?goodbye=false&hello=true">hi”

This is the correct way to format links with & in them. Browsers tolerate
the un-escaped version, but it’s not technically valid HTML…

You are so right! I never knew that.