Infer name with link_to - Rails Tricks Issue 8
Hi, this week I want to tell you about an improvement coming in Rails 7.1.
When you are using the
link_to helper, it can infer the URL from the object you are passing to it as the second parameter:
link_to "Eileen", @profile #=> <a href="/profiles/1">Eileen</a>
Wouldn’t it be nice to infer the content of the a tag too? Thanks to Olivier Lacan, in Rails 7.1 that will be possible. You can specify what the text should be in the
to_s method of the object, and you will only need to pass the object to the helper:
class Profile < ApplicationRecord def to_s name end end link_to @profile #=> <a href="/profiles/1">Eileen</a>
I love these small improvements to the framework.
While we are talking about
link_to, I’d like to mention something about this helper. The second parameter accepts a string for the
href attribute of the
a tag. The HTML specification permits various protocols for that attribute, including
Now let’s say in your application a user can specify the URL for their blog and you pass that to
link_to "Greg's Blog", @user.blog_url
This user can set the blog URL to
To mitigate this issue, always validate the format of a URL your application accepts, especially if you intend to use it for linking to that URL.
That’s it for today. You may want to check out a post I wrote about a related topic about using
link_to_unless to conditionally render a link in Rails.
Did you enjoy reading this? Sign up to the Rails Tricks newsletter for more content like this!
Or follow me on Twitter
I run an indie startup providing vulnerability scanning for your Ruby on Rails app.It is free to use at the moment, and I am grateful for any feedback about it.
If you would like to give it a spin, you can do it here: Vulnerability Scanning for your Ruby on Rails app!