Using Rails' helpers

[mikker]

It's a little bit hard to use Rails' built-in helpers because of their way of not just returning strings (🙄)

Some examples

# renders nothing
def template
  helpers.submit_tag 'Hi', class: 'border-2 border-red-500'
end

# renders one button as expected
def template
  div do
    helpers.submit_tag 'Hi', class: 'border-2 border-red-500'
  end
end

# renders only last button
def template
  div do
    helpers.submit_tag 'Hi', class: 'border-2 border-red-500'
    helpers.submit_tag 'Ho', class: 'border-2 border-green-500'
  end
end

# renders both buttons as expected
def template
  div do
    capture do
      helpers.concat(helpers.submit_tag 'Hi', class: 'border-2 border-red-500')
      helpers.concat(helpers.submit_tag 'Ho', class: 'border-2 border-green-500')
    end
  end
end

I know some methods are wrapped. Could we wrap all of them? Or provide some other method of making sense of this? At the very least, I think we should add a page to the docs about this with examples.

I'll be happy to contribute such a page when I've tried and tested some more, if necessary.

[mikker]

Might be worth mentioning, the above examples were tested with <%= render ... %> inside of a regular template. <% render ... %> might get better results?

[joeldrapper]

The long-term goal is to move away from using Rails tag helpers — since they’re not as safe as Phlex tags. In the meantime, you have a few options:

1. You could use unsafe_raw to output the tags:

def template
  unsafe_raw helpers.submit_tag 'Hi', class: 'border-2 border-red-500'
  unsafe_raw helpers.submit_tag 'Ho', class: 'border-2 border-green-500'
end

unsafe_raw provides no safety, so it must never be used with user input, even if you're using a helper that you’d expect to be safe. For example, this will bypass Phlex safety and render a link with unsafe javascript in it.

user_profile = "javascript:alert(1)"
unsafe_raw link_to "Test", user_profile

2. You could use the form_with adapter, which wraps all the tag helpers from the yielded FormBuilder.

include Phlex::Rails::Helpers::FormWith

def template
  form_with do |f|
    f.submit 'Hi', class: 'border-2 border-red-500'
    f.submit 'Ho', class: 'border-2 border-green-500'
  end
end

3. You could use Phlex tags instead:

def template
  input(type: "submit", class: 'border-2 border-red-500') { 'Hi' }
  input(type: "submit", class: 'border-2 border-green-500') { 'Ho' }
end

Ultimately this is the best and safest option, but there's some work to do to make it easier. Rails form helpers include authenticity tokens automatically, for example. I would like to build helpers specifically for Phlex/Rails that do the same things.

[mikker]

I see your points. I converted it to Phlex tags and it worked as intended 👍

I do think though that this is an area that should be well described in the docs. Rails devs sort-of expect everything to be Rails (for better and for worse) so when it isn't Rails, it should probably be noted somewhere 😅