author | Aaron Patterson <aaron.patterson@gmail.com> | 2012-05-16 11:17:42 -0700 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2012-05-16 11:17:42 -0700 |
commit | 2ee8ed4e71a35bf784d6e06690ac6c6cce059734 (patch) | |
tree | 199d7c2a3494096224101f55b96a2ac19ff3ad11 | |
parent | aa964204b867b3e69c1e68fbaec101ce9cbaa0ef (diff) | |
parent | 9fb21e98e2a3c8c19dce8a2c4bb8a850af65a054 (diff) | |
Merge pull request #6353 from nashby/safe-interpolation
fix safe string interpolation with SafeBuffer#%
-rw-r--r-- | activesupport/lib/active_support/core_ext/string/output_safety.rb | 14 | ||||
-rw-r--r-- | activesupport/test/core_ext/string_ext_test.rb | 24 |
2 files changed, 38 insertions, 0 deletions
diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb
index 6bda970e40..f98d5b3777 100644
--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -150,6 +150,20 @@ module ActiveSupport #:nodoc:
 dup.concat(other)
 end
+ def %(args)
+ args = Array(args)
+
+ args.map! do |arg|
+ if !html_safe? || arg.html_safe?
+ arg
+ else
+ ERB::Util.h(arg)
+ end
+ end
+
+ self.class.new(super(args))
+ end
+
 def html_safe?
 defined?(@html_safe) && @html_safe
 end
diff --git a/activesupport/test/core_ext/string_ext_test.rb b/activesupport/test/core_ext/string_ext_test.rb
index 9010a4a716..eee2caa60e 100644
--- a/activesupport/test/core_ext/string_ext_test.rb
+++ b/activesupport/test/core_ext/string_ext_test.rb
@@ -439,6 +439,30 @@ class OutputSafetyTest < ActiveSupport::TestCase
 assert @other_string.html_safe?
 end
+ test "Concatting safe onto unsafe with % yields unsafe" do
+ @other_string = "other%s"
+ string = @string.html_safe
+
+ @other_string = @other_string % string
+ assert !@other_string.html_safe?
+ end
+
+ test "Concatting unsafe onto safe with % yields escaped safe" do
+ @other_string = "other%s".html_safe
+ string = @other_string % "<foo>"
+
+ assert_equal "other<foo>", string
+ assert string.html_safe?
+ end
+
+ test "Concatting safe onto safe with % yields safe" do
+ @other_string = "other%s".html_safe
+ string = @string.html_safe
+
+ @other_string = @other_string % string
+ assert @other_string.html_safe?
+ end
+
 test "Concatting a fixnum to safe always yields safe" do
 string = @string.html_safe
 string = string.concat(13)
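Review bot: `args = Array(args)` followed by `args.map!` in the new `%` mishandles two argument shapes. When the caller passes an Array, `Array(args)` returns that same object, so `map!` replaces the caller's own elements with escaped copies. When the caller passes a Hash for named references such as `%{name}`, `Array(args)` flattens it into key/value pairs, so the values are not escaped one by one and the format call no longer receives a hash. Handling `Hash` separately and using a non-mutating `map` fixes both. The result is built with `self.class.new` even when the receiver is not `html_safe?` and nothing was escaped; the constructor is outside this hunk, so it is worth confirming the result is not marked safe in that branch.

```ruby
def %(args)
  escape = lambda do |arg|
    (!html_safe? || arg.html_safe?) ? arg : ERB::Util.h(arg)
  end

  escaped =
    if args.is_a?(Hash)
      # keep a Hash so named references (%{name}) still resolve
      Hash[args.map { |key, arg| [key, escape.call(arg)] }]
    else
      # map, not map!: Array(args) returns the caller's own array
      Array(args).map(&escape)
    end

  self.class.new(super(escaped))
end
```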
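Review bot: The three added tests each format a single bare string, and the "safe onto unsafe" test formats a plain `String`, so the `!html_safe?` branch of `SafeBuffer#%` is never reached. Cases worth adding are an Array with several arguments, a Hash with `%{name}` references, and a buffer whose `html_safe?` is false. For the Array case, also check that the caller's data is untouched, e.g. `args = ["<foo>"]; "other%s".html_safe % args; assert_equal ["<foo>"], args`. The expected value in the "yields escaped safe" test appears on this page as `"other<foo>"`, which is the unescaped form. The page has presumably decoded the entities, but confirm that the assertion in the file compares against the escaped string.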