2 files changed, 51 insertions, 1 deletions

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 90e649a..6de5e1b 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -40,8 +40,9 @@ module ApplicationHelper
     end
   end
 
+  # fairly strict sanitation for flash messages
   def format_flash(msg)
-    html_escape(msg).gsub('[b]', '<b>').gsub('[/b]', '</b>').html_safe
+    sanitize(msg, tags: %w(em strong b br), attributes: [])
   end
 
 end
diff --git a/app/helpers/link_helper.rb b/app/helpers/link_helper.rb
new file mode 100644
index 0000000..55e392b
--- /dev/null
+++ b/app/helpers/link_helper.rb
@@ -0,0 +1,49 @@
+module LinkHelper
+
+  #
+  # markup for bootstrap button
+  #
+  # takes same arguments as link_to and adds a 'btn' class.
+  # In addition:
+  # * the name will be translated if it is a symbol
+  # * html_options[:type] will be converted into a btn-type class
+  #
+  # example:
+  # btn :home, home_path, type: [:large, :primary]
+  #
+  def btn(*args, &block)
+    html_options = extract_html_options!(args, &block)
+    type = Array(html_options.delete(:type))
+    type.map! {|t| "btn-#{t}"}
+    html_options[:class] = concat_classes(html_options[:class], 'btn', type)
+    args[0] = t(args[0]) if args[0].is_a?(Symbol)
+    link_to *args, html_options, &block
+  end
+
+  def destroy_btn(*args, &block)
+    html_options = extract_html_options!(args, &block)
+    confirmation = t "#{controller_symbol}.confirm.destroy.are_you_sure",
+      cascade: true
+    html_options.merge! method: :delete, confirm: confirmation
+    btn *args, html_options, &block
+  end
+
+  #
+  # concat_classes will combine classes in a fairly flexible way.
+  # it can handle nil, arrays, space separated strings
+  # it returns a space separated string of classes.
+  def concat_classes(*classes)
+    classes.compact!
+    classes.map {|c| c.respond_to?(:split) ? c.split(' ') : c }
+    classes.flatten!
+    classes.join ' '
+  end
+
+  def extract_html_options!(args)
+    if args.count > 2 or args.count > 1 && block_given?
+      args.extract_options!
+    else
+      {}
+    end
+  end
+end