diff options
| author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2012-05-18 12:01:26 -0700 |
|---|---|---|
| committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2012-05-18 12:01:26 -0700 |
| commit | a6dbc3fe7a504805572e634d39e37fd63ba7fd45 (patch) | |
| tree | b5ca003d51784280ee77889bd92de9001c8afe61 | |
| parent | 476ef2df74e1fb3646780950a3be1af85aa43adc (diff) | |
| parent | 2c423b3f3f0d489b0e9943b69f5b25d97006ca74 (diff) | |
| download | rails-a6dbc3fe7a504805572e634d39e37fd63ba7fd45.tar.gz rails-a6dbc3fe7a504805572e634d39e37fd63ba7fd45.tar.bz2 rails-a6dbc3fe7a504805572e634d39e37fd63ba7fd45.zip | |
Merge pull request #6355 from amutz/fix_number_with_delimiter_escaping
NumberHelper.number_with_delimiter should html_escape both delimiters and separators
| -rw-r--r-- | actionpack/lib/action_view/helpers/number_helper.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/template/number_helper_test.rb | 2 | ||||
| -rw-r--r-- | activesupport/lib/active_support/testing/performance.rb | 1 |
3 files changed, 4 insertions, 1 deletions
diff --git a/actionpack/lib/action_view/helpers/number_helper.rb b/actionpack/lib/action_view/helpers/number_helper.rb index 62455b97f9..dfc26acfad 100644 --- a/actionpack/lib/action_view/helpers/number_helper.rb +++ b/actionpack/lib/action_view/helpers/number_helper.rb @@ -254,7 +254,7 @@ module ActionView parts = number.to_s.to_str.split('.') parts[0].gsub!(/(\d)(?=(\d\d\d)+(?!\d))/, "\\1#{options[:delimiter]}") - parts.join(options[:separator]).html_safe + safe_join(parts, options[:separator]) end # Formats a +number+ with the specified level of diff --git a/actionpack/test/template/number_helper_test.rb b/actionpack/test/template/number_helper_test.rb index 5c6f23d70b..14ca6d9879 100644 --- a/actionpack/test/template/number_helper_test.rb +++ b/actionpack/test/template/number_helper_test.rb @@ -78,6 +78,8 @@ class NumberHelperTest < ActionView::TestCase assert_equal '12,345,678-05', number_with_delimiter(12345678.05, :separator => '-') assert_equal '12.345.678,05', number_with_delimiter(12345678.05, :separator => ',', :delimiter => '.') assert_equal '12.345.678,05', number_with_delimiter(12345678.05, :delimiter => '.', :separator => ',') + assert_equal '1<script></script>01', number_with_delimiter(1.01, :separator => "<script></script>") + assert_equal '1<script></script>000', number_with_delimiter(1000, :delimiter => "<script></script>") end def test_number_with_precision diff --git a/activesupport/lib/active_support/testing/performance.rb b/activesupport/lib/active_support/testing/performance.rb index ec6986654e..2bea0f991a 100644 --- a/activesupport/lib/active_support/testing/performance.rb +++ b/activesupport/lib/active_support/testing/performance.rb @@ -196,6 +196,7 @@ module ActiveSupport class Base include ActionView::Helpers::NumberHelper + include ActionView::Helpers::OutputSafetyHelper attr_reader :total |