Output of *_path not html_safe?

From a lengthy discussion on #RubyOnRails@freenode.net, I am wondering about something. The *_path and *_url methods return plain String objects, not an ActiveSupport::SafeBuffer. If something is passed into (say) link_to that contains an escapable character, such as & in a query string, link_to will escape it.

I haven’t encountered people putting .html_safe on *_path methods before, so I didn’t know about this. Is this something well-known? Is it expected? My assumption was that it would have been html_safe.

Anyone have any thoughts on this?

Example:

app.glucose_readings_path(:hello => true, :goodbye=> false)

=> “/glucose_readings?goodbye=false&hello=true”

app.glucose_readings_path(:hello => true, :goodbye=> false).class

=> String < Object

foo.link_to “hi”, app.glucose_readings_path(:hello => true, :goodbye=> false)

=> “<a href=”/glucose_readings?goodbye=false&hello=true">hi"

foo.link_to “hi”, app.glucose_readings_path(:hello => true, :goodbye=> false).html_safe

=> “<a href=”/glucose_readings?goodbye=false&hello=true">hi"

This is the correct way to format links with & in them. Browsers tolerate the un-escaped version, but it’s not technically valid HTML…

–Matt Jones

You are so right! I never knew that.