Remove html_safe from buttons

This means the application will have to call `html_safe` on the thing itself. This seems to only be used by the `frontend` application.
alphagov · May 11, 2018 · 3cdf3a6 · 3cdf3a6
1 parent 125f6fc
commit 3cdf3a6
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Unreleased
 
+* The Button component no longer accepts unescaped HTML in the `info_text`,
+  you'll have to call `html_safe` on it yourself. Probably the only affected
+  application is `frontend` (#305)
 * Remove optional `canonical` meta tag (applications can add this tag explicitly if they need it)
 
 # 7.3.0

diff --git a/app/views/govuk_publishing_components/components/_button.html.erb b/app/views/govuk_publishing_components/components/_button.html.erb
@@ -18,12 +18,12 @@
   html_options[:title] = title if title
 %>
 <% if href %>
-  <%= link_to(text, href.try(:html_safe), html_options) %>
+  <%= link_to(text, href, html_options) %>
 <% else %>
   <%= button_tag(text, html_options) %>
 <% end %>
 <% if info_text %>
   <span class="gem-c-button__info-text">
-    <%= info_text.try(:html_safe) %>
+    <%= info_text %>
   </span>
 <% end %>