Forum: Ruby on Rails why does text_field not html_escape properly?

Xavier Shay (Guest)
on 2007-03-29 01:07
Can someone fill me in on the rationale for using escape_once over
html_escape for the text_field helper?

To me, if I have "& &gt;" stored in my DB, it makes sense that that is
the value that should be displayed in a text_field. To do this, it
should be escaped to give:
<input ... value="&amp; &amp;gt;" />

Current behaviour is:
<input ... value="&amp; &gt;" />

Relevant code is in actionpack/lib/action_view/helpers/tag_helper.rb

A test to add to actionpack/test/template/form_tag_helper_test.rb
(currently fails)

  def test_text_field_with_html_entities_in_value
    # The stored title already contains the literal text "&gt;".
    @post.title = "& &gt;"
    assert_dom_equal(
      '<input id="post_title" name="post[title]" size="30" type="text" value="&amp; &amp;gt;" />',
      text_field("post", "title")
    )
  end
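
The difference the post describes, as an added example that is not part of the original post and is not Rails' own code: plain-Ruby stand-ins for the two escaping strategies, followed by the entity decoding a browser applies to an attribute value, show what comes back after a form round trip. The `escape_once` regex is an assumption modelled on the behaviour described above, and `browser_decode` and `round_trip` are hypothetical helpers that cover only four entities.

```ruby
# Stand-ins for the two helpers under discussion (assumed behaviour, not Rails source).
ESCAPES   = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;", '"' => "&quot;" }.freeze
UNESCAPES = ESCAPES.invert.freeze

# Escapes every special character, including the "&" of text that looks like an entity.
def html_escape(text)
  text.to_s.gsub(/[&<>"]/) { |char| ESCAPES[char] }
end

# Escapes special characters but leaves "&" alone when it already starts
# something shaped like an entity (&name; or &#123;).
def escape_once(text)
  text.to_s.gsub(/[<>"]|&(?!(?:[a-zA-Z]+|#\d+);)/) { |char| ESCAPES[char] }
end

# Hypothetical helper: the decoding a browser performs on an attribute value,
# limited to the four entities above. One pass, so "&amp;gt;" becomes "&gt;".
def browser_decode(attr_value)
  attr_value.gsub(/&(?:amp|lt|gt|quot);/) { |entity| UNESCAPES[entity] }
end

# Hypothetical helper: render the stored value into value="...", then return
# what the user sees in the field and what is posted back unchanged.
def round_trip(stored, escaper)
  browser_decode(send(escaper, stored))
end

# Constructed sample values; the first is the one from the post.
SAMPLES = ["& &gt;", "Tom & Jerry", "a < b", "&amp;"].freeze

# Returns the samples whose value is altered by a render/submit cycle.
def corrupted_by(escaper)
  SAMPLES.reject { |stored| round_trip(stored, escaper) == stored }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |stored|
    puts format("%-12s escape_once: %-22s html_escape: %s",
                stored.inspect,
                escape_once(stored).inspect,
                html_escape(stored).inspect)
  end
  puts "altered by escape_once: #{corrupted_by(:escape_once).inspect}"
  puts "altered by html_escape: #{corrupted_by(:html_escape).inspect}"
end
```

Only stored values that themselves contain entity-shaped text are altered by the `escape_once` round trip; values with bare `&`, `<` or `>` survive under both strategies.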
