authorJeff Kreeftmeijer <jeff@kreeftmeijer.nl>2010-10-11 20:39:12 +0200
committerSantiago Pastorino <santiago@wyeworks.com>2010-11-02 19:38:28 -0200
commitbb9c58eb4aa637fa75c69c705a9918d6322ff834 (patch)
tree1f6f113bdc943b1e96eb283f385383517d127aba
parentd446392f76c063d9f04396a1d3ca9e314a521671 (diff)
Make sure capture's output gets html_escaped [#5545 state:resolved]
Also remove a duplicate test_link_to_unless assertion and add .html_safe to the remaining one. Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
-rw-r--r--actionpack/lib/action_view/helpers/capture_helper.rb3
-rw-r--r--actionpack/test/template/capture_helper_test.rb5
-rw-r--r--actionpack/test/template/url_helper_test.rb7
3 files changed, 8 insertions, 7 deletions
diff --git a/actionpack/lib/action_view/helpers/capture_helper.rb b/actionpack/lib/action_view/helpers/capture_helper.rb
index 0401e6a09b..2c805c8ecf 100644
--- a/actionpack/lib/action_view/helpers/capture_helper.rb
+++ b/actionpack/lib/action_view/helpers/capture_helper.rb
@@ -1,4 +1,5 @@
require 'active_support/core_ext/object/blank'
+require 'active_support/core_ext/string/output_safety'
module ActionView
# = Action View Capture Helper
@@ -38,7 +39,7 @@ module ActionView
value = nil
buffer = with_output_buffer { value = yield(*args) }
if string = buffer.presence || value and string.is_a?(String)
- string
+ html_escape string
end
end
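Review bot: The `html_escape string` line changes the contract of `capture` without any comment saying which strings it alters. A plain String returned by the block is now escaped, while buffer output and strings marked `.html_safe` presumably pass through unchanged, assuming `html_escape` returns `html_safe?` input as-is (the newly required `output_safety` extension suggests this). A one-line comment above the call would make that explicit, e.g. `# Escape unsafe block results; html_safe strings and buffer output are returned as-is`. The doc comment of `capture` lies outside this hunk and should also say that a block returning markup must mark it `html_safe`; the method body itself starts outside the hunk.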
diff --git a/actionpack/test/template/capture_helper_test.rb b/actionpack/test/template/capture_helper_test.rb
index 8f81076299..25da17bde9 100644
--- a/actionpack/test/template/capture_helper_test.rb
+++ b/actionpack/test/template/capture_helper_test.rb
@@ -28,6 +28,11 @@ class CaptureHelperTest < ActionView::TestCase
assert_nil @av.capture { 1 }
end
+ def test_capture_escapes_html
+ string = @av.capture { '<strong>foo</strong><em>bar</em>' }
+ assert_equal '&lt;strong&gt;foo&lt;/strong&gt;&lt;em&gt;bar&lt;/em&gt;', string
+ end
+
def test_content_for
assert ! content_for?(:title)
content_for :title, 'title'
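Review bot: `test_capture_escapes_html` pins only the unsafe-return path; nothing checks that already-safe content is left unescaped, which is the regression most likely to follow from this change. A companion assertion such as `assert_equal '<em>bar</em>', @av.capture { '<em>bar</em>'.html_safe }` would cover it. Adding `assert string.html_safe?` to the new test would also pin that the escaped result is marked safe, which is presumably the case but should be confirmed against `html_escape`.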
diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb
index bc2548e06c..4a8cea36d4 100644
--- a/actionpack/test/template/url_helper_test.rb
+++ b/actionpack/test/template/url_helper_test.rb
@@ -263,12 +263,7 @@ class UrlHelperTest < ActiveSupport::TestCase
assert_equal "<strong>Showing</strong>",
link_to_unless(true, "Showing", url_hash) { |name|
- "<strong>#{name}</strong>"
- }
-
- assert_equal "<strong>Showing</strong>",
- link_to_unless(true, "Showing", url_hash) { |name|
- "<strong>#{name}</strong>"
+ "<strong>#{name}</strong>".html_safe
}
assert_equal "test",
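Review bot: After this hunk no assertion covers `link_to_unless` with a block that returns unmarked markup, so the escaping this commit introduces is untested at the helper level. Rather than deleting the duplicate outright, it could become the negative case: `assert_equal "&lt;strong&gt;Showing&lt;/strong&gt;", link_to_unless(true, "Showing", url_hash) { |name| "<strong>#{name}</strong>" }`. This assumes `link_to_unless` routes the block through `capture`, which the need for `.html_safe` on the remaining assertion suggests. The enclosing test method starts and ends outside the hunk.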