Module: ActionView::Helpers::UrlHelper

Extended by:
ActiveSupport::Concern
Includes:
ContentExfiltrationPreventionHelper, TagHelper
Included in:
ActionView::Helpers, FormHelper, FormTagHelper
Defined in:
lib/action_view/helpers/url_helper.rb

Overview

Action View URL Helpers

Provides a set of methods for making links and getting URLs that depend on the routing subsystem (see ActionDispatch::Routing). This allows you to use the same format for links in views and controllers.

Defined Under Namespace

Modules: ClassMethods

Constant Summary collapse

BUTTON_TAG_METHOD_VERBS =

This helper may be included in any class that includes the URL helpers of a routes (routes.url_helpers). Some methods provided here will only work in the context of a request (link_to_unless_current, for instance), which must be provided as a method called #request on the context.

%w{patch put delete}

Constants included from ContentExfiltrationPreventionHelper

ContentExfiltrationPreventionHelper::CLOSE_CDATA_COMMENT, ContentExfiltrationPreventionHelper::CLOSE_FORM_TAG, ContentExfiltrationPreventionHelper::CLOSE_OPTION_TAG, ContentExfiltrationPreventionHelper::CLOSE_QUOTES_COMMENT, ContentExfiltrationPreventionHelper::CONTENT_EXFILTRATION_PREVENTION_MARKUP

Constants included from TagHelper

TagHelper::ARIA_PREFIXES, TagHelper::BOOLEAN_ATTRIBUTES, TagHelper::DATA_PREFIXES, TagHelper::PRE_CONTENT_STRINGS, TagHelper::TAG_TYPES

Instance Method Summary collapse

Methods included from ContentExfiltrationPreventionHelper

#prevent_content_exfiltration

Methods included from TagHelper

build_tag_values, #cdata_section, #content_tag, ensure_valid_html5_tag_name, #escape_once, #tag, #token_list

Methods included from OutputSafetyHelper

#raw, #safe_join, #to_sentence

Methods included from CaptureHelper

#capture, #content_for, #content_for?, #provide, #with_output_buffer

Instance Method Details

#button_to(name = nil, options = nil, html_options = nil, &block) ⇒ Object

Generates a form containing a single button that submits to the URL created by the set of options. This is the safest method to ensure links that cause changes to your data are not triggered by search bots or accelerators.

You can control the form and button behavior with html_options. Most values in html_options are passed through to the button element. For example, passing a :class option within html_options will set the class attribute of the button element.

The class attribute of the form element can be set by passing a :form_class option within html_options. It defaults to "button_to" to allow styling of the form and its children.

The form submits a POST request by default if the object is not persisted; conversely, if the object is persisted, it will submit a PATCH request. To specify a different HTTP verb use the :method option within html_options.

If the HTML button generated from button_to does not work with your layout, you can consider using the link_to method with the data-turbo-method attribute as described in the link_to documentation.

Options

The options hash accepts the same options as url_for. To generate a <form> element without an [action] attribute, pass false:

<%= button_to "New", false %>
# => "<form method="post" class="button_to">
#      <button type="submit">New</button>
#      <input name="authenticity_token" type="hidden" value="10f2163b45388899ad4d5ae948988266befcb6c3d1b2451cf657a0c293d605a6"/>
#    </form>"

Most values in html_options are passed through to the button element, but there are a few special options:

  • :method - Symbol of HTTP verb. Supported verbs are :post, :get, :delete, :patch, and :put. By default it will be :post.

  • :disabled - If set to true, it will generate a disabled button.

  • :data - This option can be used to add custom data attributes.

  • :form - This hash will be form attributes

  • :form_class - This controls the class of the form within which the submit button will be placed

  • :params - Hash of parameters to be rendered as hidden fields within the form.

Examples

<%= button_to "New", action: "new" %>
# => "<form method="post" action="/controller/new" class="button_to">
#      <button type="submit">New</button>
#      <input name="authenticity_token" type="hidden" value="10f2163b45388899ad4d5ae948988266befcb6c3d1b2451cf657a0c293d605a6" autocomplete="off"/>
#    </form>"

<%= button_to "New", new_article_path %>
# => "<form method="post" action="/articles/new" class="button_to">
#      <button type="submit">New</button>
#      <input name="authenticity_token" type="hidden" value="10f2163b45388899ad4d5ae948988266befcb6c3d1b2451cf657a0c293d605a6" autocomplete="off"/>
#    </form>"

<%= button_to "New", new_article_path, params: { time: Time.now  } %>
# => "<form method="post" action="/articles/new" class="button_to">
#      <button type="submit">New</button>
#      <input name="authenticity_token" type="hidden" value="10f2163b45388899ad4d5ae948988266befcb6c3d1b2451cf657a0c293d605a6"/>
#      <input type="hidden" name="time" value="2021-04-08 14:06:09 -0500" autocomplete="off">
#    </form>"

<%= button_to [:make_happy, @user] do %>
  Make happy <strong><%= @user.name %></strong>
<% end %>
# => "<form method="post" action="/users/1/make_happy" class="button_to">
#      <button type="submit">
#        Make happy <strong><%= @user.name %></strong>
#      </button>
#      <input name="authenticity_token" type="hidden" value="10f2163b45388899ad4d5ae948988266befcb6c3d1b2451cf657a0c293d605a6"  autocomplete="off"/>
#    </form>"

<%= button_to "New", { action: "new" }, form_class: "new-thing" %>
# => "<form method="post" action="/controller/new" class="new-thing">
#      <button type="submit">New</button>
#      <input name="authenticity_token" type="hidden" value="10f2163b45388899ad4d5ae948988266befcb6c3d1b2451cf657a0c293d605a6"  autocomplete="off"/>
#    </form>"

<%= button_to "Create", { action: "create" }, form: { "data-type" => "json" } %>
# => "<form method="post" action="/images/create" class="button_to" data-type="json">
#      <button type="submit">Create</button>
#      <input name="authenticity_token" type="hidden" value="10f2163b45388899ad4d5ae948988266befcb6c3d1b2451cf657a0c293d605a6"  autocomplete="off"/>
#    </form>"


296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
# File 'lib/action_view/helpers/url_helper.rb', line 296

def button_to(name = nil, options = nil, html_options = nil, &block)
  html_options, options = options, name if block_given?
  html_options ||= {}
  html_options = html_options.stringify_keys

  url =
    case options
    when FalseClass then nil
    else url_for(options)
    end

  remote = html_options.delete("remote")
  params = html_options.delete("params")

  authenticity_token = html_options.delete("authenticity_token")

  method     = (html_options.delete("method").presence || method_for_options(options)).to_s
  method_tag = BUTTON_TAG_METHOD_VERBS.include?(method) ? method_tag(method) : "".html_safe

  form_method  = method == "get" ? "get" : "post"
  form_options = html_options.delete("form") || {}
  form_options[:class] ||= html_options.delete("form_class") || "button_to"
  form_options[:method] = form_method
  form_options[:action] = url
  form_options[:'data-remote'] = true if remote

  request_token_tag = if form_method == "post"
    request_method = method.empty? ? "post" : method
    token_tag(authenticity_token, form_options: { action: url, method: request_method })
  else
    ""
  end

  html_options = convert_options_to_data_attributes(options, html_options)
  html_options["type"] = "submit"

  button = if block_given?
    ("button", html_options, &block)
  elsif button_to_generates_button_tag
    ("button", name || url, html_options, &block)
  else
    html_options["value"] = name || url
    tag("input", html_options)
  end

  inner_tags = method_tag.safe_concat(button).safe_concat(request_token_tag)
  if params
    to_form_params(params).each do |param|
      inner_tags.safe_concat tag(:input, type: "hidden", name: param[:name], value: param[:value],
                                 autocomplete: "off")
    end
  end
  html = ("form", inner_tags, form_options)
  prevent_content_exfiltration(html)
end

#current_page?(options = nil, check_parameters: false, **options_as_kwargs) ⇒ Boolean

True if the current request URI was generated by the given options.

Examples

Let’s say we’re in the http://www.example.com/shop/checkout?order=desc&page=1 action.

current_page?(action: 'process')
# => false

current_page?(action: 'checkout')
# => true

current_page?(controller: 'library', action: 'checkout')
# => false

current_page?(controller: 'shop', action: 'checkout')
# => true

current_page?(controller: 'shop', action: 'checkout', order: 'asc')
# => false

current_page?(controller: 'shop', action: 'checkout', order: 'desc', page: '1')
# => true

current_page?(controller: 'shop', action: 'checkout', order: 'desc', page: '2')
# => false

current_page?('http://www.example.com/shop/checkout')
# => true

current_page?('http://www.example.com/shop/checkout', check_parameters: true)
# => false

current_page?('/shop/checkout')
# => true

current_page?('http://www.example.com/shop/checkout?order=desc&page=1')
# => true

Let’s say we’re in the http://www.example.com/products action with method POST in case of invalid product.

current_page?(controller: 'product', action: 'index')
# => false

We can also pass in the symbol arguments instead of strings.

Returns:

  • (Boolean)


548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
# File 'lib/action_view/helpers/url_helper.rb', line 548

def current_page?(options = nil, check_parameters: false, **options_as_kwargs)
  unless request
    raise "You cannot use helpers that need to determine the current " \
          "page unless your view context provides a Request object " \
          "in a #request method"
  end

  return false unless request.get? || request.head?

  options ||= options_as_kwargs
  check_parameters ||= options.is_a?(Hash) && options.delete(:check_parameters)
  url_string = URI::RFC2396_PARSER.unescape(url_for(options)).force_encoding(Encoding::BINARY)

  # We ignore any extra parameters in the request_uri if the
  # submitted URL doesn't have any either. This lets the function
  # work with things like ?order=asc
  # the behavior can be disabled with check_parameters: true
  request_uri = url_string.index("?") || check_parameters ? request.fullpath : request.path
  request_uri = URI::RFC2396_PARSER.unescape(request_uri).force_encoding(Encoding::BINARY)

  if %r{^\w+://}.match?(url_string)
    request_uri = +"#{request.protocol}#{request.host_with_port}#{request_uri}"
  end

  remove_trailing_slash!(url_string)
  remove_trailing_slash!(request_uri)

  url_string == request_uri
end

Creates an anchor element of the given name using a URL created by the set of options. See the valid options in the documentation for url_for. It’s also possible to pass a String instead of an options hash, which generates an anchor element that uses the value of the String as the href for the link. Using a :back Symbol instead of an options hash will generate a link to the referrer (a JavaScript back link will be used in place of a referrer if none exists). If nil is passed as the name the value of the link itself will become the name.

Signatures

link_to(body, url, html_options = {})
  # url is a String; you can use URL helpers like
  # posts_path

link_to(body, url_options = {}, html_options = {})
  # url_options, except :method, is passed to url_for

link_to(options = {}, html_options = {}) do
  # name
end

link_to(url, html_options = {}) do
  # name
end

link_to(active_record_model)

Options

  • :data - This option can be used to add custom data attributes.

Examples

Because it relies on url_for, link_to supports both older-style controller/action/id arguments and newer RESTful routes. Current Rails style favors RESTful routes whenever possible, so base your application on resources and use

link_to "Profile", profile_path(@profile)
# => <a href="/profiles/1">Profile</a>

or the even pithier

link_to "Profile", @profile
# => <a href="/profiles/1">Profile</a>

in place of the older more verbose, non-resource-oriented

link_to "Profile", controller: "profiles", action: "show", id: @profile
# => <a href="/profiles/show/1">Profile</a>

Similarly,

link_to "Profiles", profiles_path
# => <a href="/profiles">Profiles</a>

is better than

link_to "Profiles", controller: "profiles"
# => <a href="/profiles">Profiles</a>

When name is nil the href is presented instead

link_to nil, "http://example.com"
# => <a href="http://www.example.com">http://www.example.com</a>

More concise yet, when name is an Active Record model that defines a to_s method returning a default value or a model instance attribute

link_to @profile
# => <a href="http://www.example.com/profiles/1">Eileen</a>

You can use a block as well if your link target is hard to fit into the name parameter. ERB example:

<%= link_to(@profile) do %>
  <strong><%= @profile.name %></strong> -- <span>Check it out!</span>
<% end %>
# => <a href="/profiles/1">
       <strong>David</strong> -- <span>Check it out!</span>
     </a>

Classes and ids for CSS are easy to produce:

link_to "Articles", articles_path, id: "news", class: "article"
# => <a href="/articles" class="article" id="news">Articles</a>

Be careful when using the older argument style, as an extra literal hash is needed:

link_to "Articles", { controller: "articles" }, id: "news", class: "article"
# => <a href="/articles" class="article" id="news">Articles</a>

Leaving the hash off gives the wrong link:

link_to "WRONG!", controller: "articles", id: "news", class: "article"
# => <a href="/articles/index/news?class=article">WRONG!</a>

link_to can also produce links with anchors or query strings:

link_to "Comment wall", profile_path(@profile, anchor: "wall")
# => <a href="/profiles/1#wall">Comment wall</a>

link_to "Ruby on Rails search", controller: "searches", query: "ruby on rails"
# => <a href="/searches?query=ruby+on+rails">Ruby on Rails search</a>

link_to "Nonsense search", searches_path(foo: "bar", baz: "quux")
# => <a href="/searches?foo=bar&baz=quux">Nonsense search</a>

You can set any link attributes such as target, rel, type:

link_to "External link", "http://www.rubyonrails.org/", target: "_blank", rel: "nofollow"
# => <a href="http://www.rubyonrails.org/" target="_blank" rel="nofollow">External link</a>

Turbo

Rails 7 ships with Turbo enabled by default. Turbo provides the following :data options:

  • turbo_method: symbol of HTTP verb - Performs a Turbo link visit with the given HTTP verb. Forms are recommended when performing non-GET requests. Only use data-turbo-method where a form is not possible.

  • turbo_confirm: "question?" - Adds a confirmation dialog to the link with the given value.

Consult the Turbo Handbook for more information on the options above.

Examples
link_to "Delete profile", @profile, data: { turbo_method: :delete }
# => <a href="/profiles/1" data-turbo-method="delete">Delete profile</a>

link_to "Visit Other Site", "https://rubyonrails.org/", data: { turbo_confirm: "Are you sure?" }
# => <a href="https://rubyonrails.org/" data-turbo-confirm="Are you sure?">Visit Other Site</a>


198
199
200
201
202
203
204
205
206
207
208
# File 'lib/action_view/helpers/url_helper.rb', line 198

def link_to(name = nil, options = nil, html_options = nil, &block)
  html_options, options, name = options, name, block if block_given?
  options ||= {}

  html_options = convert_options_to_data_attributes(options, html_options)

  url = url_target(name, options)
  html_options["href"] ||= url

  ("a", name || url, html_options, &block)
end

Creates a link tag of the given name using a URL created by the set of options if condition is true, otherwise only the name is returned. To specialize the default behavior, you can pass a block that accepts the name or the full argument list for link_to_if.

Examples

<%= link_to_if(@current_user.nil?, "Login", { controller: "sessions", action: "new" }) %>
# If the user isn't logged in...
# => <a href="/sessions/new/">Login</a>

<%=
   link_to_if(@current_user.nil?, "Login", { controller: "sessions", action: "new" }) do
     link_to(@current_user.login, { controller: "accounts", action: "show", id: @current_user })
   end
%>
# If the user isn't logged in...
# => <a href="/sessions/new/">Login</a>
# If they are logged in...
# => <a href="/accounts/show/3">my_username</a>


437
438
439
440
441
442
443
444
445
446
447
# File 'lib/action_view/helpers/url_helper.rb', line 437

def link_to_if(condition, name, options = {}, html_options = {}, &block)
  if condition
    link_to(name, options, html_options)
  else
    if block_given?
      block.arity <= 1 ? capture(name, &block) : capture(name, options, html_options, &block)
    else
      ERB::Util.html_escape(name)
    end
  end
end

Creates a link tag of the given name using a URL created by the set of options unless condition is true, in which case only the name is returned. To specialize the default behavior (i.e., show a login link rather than just the plaintext link text), you can pass a block that accepts the name or the full argument list for link_to_unless.

Examples

<%= link_to_unless(@current_user.nil?, "Reply", { action: "reply" }) %>
# If the user is logged in...
# => <a href="/controller/reply/">Reply</a>

<%=
   link_to_unless(@current_user.nil?, "Reply", { action: "reply" }) do |name|
     link_to(name, { controller: "accounts", action: "signup" })
   end
%>
# If the user is logged in...
# => <a href="/controller/reply/">Reply</a>
# If not...
# => <a href="/accounts/signup">Reply</a>


414
415
416
# File 'lib/action_view/helpers/url_helper.rb', line 414

def link_to_unless(condition, name, options = {}, html_options = {}, &block)
  link_to_if !condition, name, options, html_options, &block
end

Creates a link tag of the given name using a URL created by the set of options unless the current request URI is the same as the links, in which case only the name is returned (or the given block is yielded, if one exists). You can give link_to_unless_current a block which will specialize the default behavior (e.g., show a “Start Here” link rather than the link’s text).

Examples

Let’s say you have a navigation menu…

<ul id="navbar">
  <li><%= link_to_unless_current("Home", { action: "index" }) %></li>
  <li><%= link_to_unless_current("About Us", { action: "about" }) %></li>
</ul>

If in the “about” action, it will render…

<ul id="navbar">
  <li><a href="/controller/index">Home</a></li>
  <li>About Us</li>
</ul>

…but if in the “index” action, it will render:

<ul id="navbar">
  <li>Home</li>
  <li><a href="/controller/about">About Us</a></li>
</ul>

The implicit block given to link_to_unless_current is evaluated if the current action is the action given. So, if we had a comments page and wanted to render a “Go Back” link instead of a link to the comments page, we could do something like this…

<%=
    link_to_unless_current("Comment", { controller: "comments", action: "new" }) do
       link_to("Go back", { controller: "posts", action: "index" })
    end
 %>


390
391
392
# File 'lib/action_view/helpers/url_helper.rb', line 390

def link_to_unless_current(name, options = {}, html_options = {}, &block)
  link_to_unless current_page?(options), name, options, html_options, &block
end

#mail_to(email_address, name = nil, html_options = {}, &block) ⇒ Object

Creates a mailto link tag to the specified email_address, which is also used as the name of the link unless name is specified. Additional HTML attributes for the link can be passed in html_options.

mail_to has several methods for customizing the email itself by passing special keys to html_options.

Options

  • :subject - Preset the subject line of the email.

  • :body - Preset the body of the email.

  • :cc - Carbon Copy additional recipients on the email.

  • :bcc - Blind Carbon Copy additional recipients on the email.

  • :reply_to - Preset the Reply-To field of the email.

Obfuscation

Prior to Rails 4.0, mail_to provided options for encoding the address in order to hinder email harvesters. To take advantage of these options, install the actionview-encoded_mail_to gem.

Examples

mail_to "me@domain.com"
# => <a href="mailto:me@domain.com">me@domain.com</a>

mail_to "me@domain.com", "My email"
# => <a href="mailto:me@domain.com">My email</a>

mail_to "me@domain.com", cc: "ccaddress@domain.com",
         subject: "This is an example email"
# => <a href="mailto:me@domain.com?cc=ccaddress@domain.com&subject=This%20is%20an%20example%20email">me@domain.com</a>

You can use a block as well if your link target is hard to fit into the name parameter. ERB example:

<%= mail_to "me@domain.com" do %>
  <strong>Email me:</strong> <span>me@domain.com</span>
<% end %>
# => <a href="mailto:me@domain.com">
       <strong>Email me:</strong> <span>me@domain.com</span>
     </a>


487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
# File 'lib/action_view/helpers/url_helper.rb', line 487

def mail_to(email_address, name = nil, html_options = {}, &block)
  html_options, name = name, nil if name.is_a?(Hash)
  html_options = (html_options || {}).stringify_keys

  extras = %w{ cc bcc body subject reply_to }.map! { |item|
    option = html_options.delete(item).presence || next
    "#{item.dasherize}=#{ERB::Util.url_encode(option)}"
  }.compact
  extras = extras.empty? ? "" : "?" + extras.join("&")

  encoded_email_address = ERB::Util.url_encode(email_address).gsub("%40", "@")
  html_options["href"] = "mailto:#{encoded_email_address}#{extras}"

  ("a", name || email_address, html_options, &block)
end

#phone_to(phone_number, name = nil, html_options = {}, &block) ⇒ Object

Creates a TEL anchor link tag to the specified phone_number. When the link is clicked, the default app to make phone calls is opened and prepopulated with the phone number.

If name is not specified, phone_number will be used as the name of the link.

A country_code option is supported, which prepends a plus sign and the given country code to the linked phone number. For example, country_code: "01" will prepend +01 to the linked phone number.

Additional HTML attributes for the link can be passed via html_options.

Options

  • :country_code - Prepends the country code to the phone number

Examples

phone_to "1234567890"
# => <a href="tel:1234567890">1234567890</a>

phone_to "1234567890", "Phone me"
# => <a href="tel:1234567890">Phone me</a>

phone_to "1234567890", country_code: "01"
# => <a href="tel:+011234567890">1234567890</a>

You can use a block as well if your link target is hard to fit into the name parameter. ERB example:

<%= phone_to "1234567890" do %>
  <strong>Phone me:</strong>
<% end %>
# => <a href="tel:1234567890">
       <strong>Phone me:</strong>
     </a>


669
670
671
672
673
674
675
676
677
678
679
680
# File 'lib/action_view/helpers/url_helper.rb', line 669

def phone_to(phone_number, name = nil, html_options = {}, &block)
  html_options, name = name, nil if name.is_a?(Hash)
  html_options = (html_options || {}).stringify_keys

  country_code = html_options.delete("country_code").presence
  country_code = country_code.nil? ? "" : "+#{ERB::Util.url_encode(country_code)}"

  encoded_phone_number = ERB::Util.url_encode(phone_number)
  html_options["href"] = "tel:#{country_code}#{encoded_phone_number}"

  ("a", name || phone_number, html_options, &block)
end

#sms_to(phone_number, name = nil, html_options = {}, &block) ⇒ Object

Creates an SMS anchor link tag to the specified phone_number. When the link is clicked, the default SMS messaging app is opened ready to send a message to the linked phone number. If the body option is specified, the contents of the message will be preset to body.

If name is not specified, phone_number will be used as the name of the link.

A country_code option is supported, which prepends a plus sign and the given country code to the linked phone number. For example, country_code: "01" will prepend +01 to the linked phone number.

Additional HTML attributes for the link can be passed via html_options.

Options

  • :country_code - Prepend the country code to the phone number.

  • :body - Preset the body of the message.

Examples

sms_to "5155555785"
# => <a href="sms:5155555785;">5155555785</a>

sms_to "5155555785", country_code: "01"
# => <a href="sms:+015155555785;">5155555785</a>

sms_to "5155555785", "Text me"
# => <a href="sms:5155555785;">Text me</a>

sms_to "5155555785", body: "I have a question about your product."
# => <a href="sms:5155555785;?body=I%20have%20a%20question%20about%20your%20product">5155555785</a>

You can use a block as well if your link target is hard to fit into the name parameter. ERB example:

<%= sms_to "5155555785" do %>
  <strong>Text me:</strong>
<% end %>
# => <a href="sms:5155555785;">
       <strong>Text me:</strong>
     </a>


618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
# File 'lib/action_view/helpers/url_helper.rb', line 618

def sms_to(phone_number, name = nil, html_options = {}, &block)
  html_options, name = name, nil if name.is_a?(Hash)
  html_options = (html_options || {}).stringify_keys

  country_code = html_options.delete("country_code").presence
  country_code = country_code ? "+#{ERB::Util.url_encode(country_code)}" : ""

  body = html_options.delete("body").presence
  body = body ? "?&body=#{ERB::Util.url_encode(body)}" : ""

  encoded_phone_number = ERB::Util.url_encode(phone_number)
  html_options["href"] = "sms:#{country_code}#{encoded_phone_number};#{body}"

  ("a", name || phone_number, html_options, &block)
end

#url_for(options = nil) ⇒ Object

Basic implementation of url_for to allow use helpers without routes existence



38
39
40
41
42
43
44
45
46
47
48
# File 'lib/action_view/helpers/url_helper.rb', line 38

def url_for(options = nil) # :nodoc:
  case options
  when String
    options
  when :back
    _back_url
  else
    raise ArgumentError, "arguments passed to url_for can't be handled. Please require " \
                         "routes or provide your own implementation"
  end
end