diff options
| author | rohit <rohit.arondekar@gmail.com> | 2010-06-08 16:52:48 +0530 |
|---|---|---|
| committer | José Valim <jose.valim@gmail.com> | 2010-06-08 17:00:11 +0200 |
| commit | 47bf19c8485ecead7280019c4815a2ed4f2161d5 (patch) | |
| tree | 4856bd09630c97ee5e8cee4defeb0f2ceb7445bd | |
| parent | 9d33c2ab6f29e7be32f3b3607f89f2fbc888853b (diff) | |
| download | rails-47bf19c8485ecead7280019c4815a2ed4f2161d5.tar.gz rails-47bf19c8485ecead7280019c4815a2ed4f2161d5.tar.bz2 rails-47bf19c8485ecead7280019c4815a2ed4f2161d5.zip | |
Made markdown honor :safe option and handle safe input. Also added tests for markdown.
[#4794 state:resolved]
Signed-off-by: José Valim <jose.valim@gmail.com>
| -rw-r--r-- | Gemfile | 1 | ||||
| -rw-r--r-- | actionpack/lib/action_view/helpers/text_helper.rb | 4 | ||||
| -rw-r--r-- | actionpack/test/template/text_helper_test.rb | 36 |
3 files changed, 39 insertions, 2 deletions
@@ -46,6 +46,7 @@ end # AP gem "RedCloth", ">= 4.2.2" +gem "bluecloth", ">= 2.0.7" group :documentation do gem 'rdoc', '2.1' diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb index 19f55143bf..8f63845d49 100644 --- a/actionpack/lib/action_view/helpers/text_helper.rb +++ b/actionpack/lib/action_view/helpers/text_helper.rb @@ -298,8 +298,8 @@ module ActionView # # markdown('') # # => '<p><img src="http://rubyonrails.com/images/rails.png" alt="The ROR logo" title="Ruby on Rails" /></p>' - def markdown(text, options = {}) - text = sanitize(text) unless options[:safe] + def markdown(text, *options) + text = sanitize(text) unless text.html_safe? || options.delete(:safe) (text.blank? ? "" : BlueCloth.new(text).to_html).html_safe end diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb index 8c4711451e..64f1d46413 100644 --- a/actionpack/test/template/text_helper_test.rb +++ b/actionpack/test/template/text_helper_test.rb @@ -7,6 +7,12 @@ rescue LoadError $stderr.puts "Skipping textilize tests. `gem install RedCloth` to enable." end +begin + require 'bluecloth' +rescue LoadError + $stderr.puts "Skipping markdown tests. 'gem install bluecloth' to enable." +end + class TextHelperTest < ActionView::TestCase tests ActionView::Helpers::TextHelper include TestingSandbox @@ -726,4 +732,34 @@ class TextHelperTest < ActionView::TestCase assert_equal("This is one scary world.<br />\n True.", textilize_without_paragraph("This is one scary world.\n True.")) end end + + if defined? BlueCloth + def test_markdown_should_be_html_safe + assert markdown("We are using __Markdown__ now!").html_safe? + end + + def test_markdown + assert_equal("<p>We are using <strong>Markdown</strong> now!</p>", markdown("We are using __Markdown__ now!")) + end + + def test_markdown_with_blank + assert_equal("", markdown("")) + end + + def test_markdown_should_sanitize_unsafe_input + assert_equal("<p>This is worded <strong>strongly</strong></p>", markdown("This is worded <strong>strongly</strong><script>code!</script>")) + end + + def test_markdown_should_not_sanitize_input_if_safe_option + assert_equal("<p>This is worded <strong>strongly</strong><script>code!</script></p>", markdown("This is worded <strong>strongly</strong><script>code!</script>", :safe)) + end + + def test_markdown_should_not_sanitize_safe_input + assert_equal("<p>This is worded <strong>strongly</strong><script>code!</script></p>", markdown("This is worded <strong>strongly</strong><script>code!</script>".html_safe)) + end + + def test_markdown_with_hard_breaks + assert_equal("<p>This is one scary world.</p>\n\n<p>True.</p>", markdown("This is one scary world.\n\nTrue.")) + end + end end |