Override <%== to always behave as literal text rather than toggling based on whether escaping is enabled. Fixes that existing plaintext email templates using <%== unexpectedly flipped to *escaping* HTML when #8235 was merged.

1 files changed, 11 insertions, 0 deletions

diff --git a/actionpack/lib/action_view/template/handlers/erb.rb b/actionpack/lib/action_view/template/handlers/erb.rb
index 731d8f9dab..afbbece90f 100644
--- a/actionpack/lib/action_view/template/handlers/erb.rb
+++ b/actionpack/lib/action_view/template/handlers/erb.rb
@@ -14,6 +14,17 @@ module ActionView
           src << "@output_buffer.safe_concat('" << escape_text(text) << "');"
         end
 
+        # Erubis toggles <%= and <%== behavior when escaping is enabled.
+        # We override to always treat <%== as escaped.
+        def add_expr(src, code, indicator)
+          case indicator
+          when '=='
+            add_expr_escaped(src, code)
+          else
+            super
+          end
+        end
+
         BLOCK_EXPR = /\s+(do|\{)(\s*\|[^|]*\|)?\s*\Z/
 
         def add_expr_literal(src, code)