content_tag should escape its input

Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
author: Bruno Michel <bmichel@menfin.info> 2010-02-13 19:53:26 -0200
committer: Yehuda Katz <yehudakatz@YK.local> 2010-02-14 12:03:28 -0800
commit: f86421fb282ff2d209914db736ca64380dab044d (patch)
tree: d539bc4dac34268b5ed973bcfc9f80744d059c88 /actionpack/test/template/form_tag_helper_test.rb
parent: 411c15ed5220cb07cfb1989d32be956f94a7478f (diff)
download: rails-f86421fb282ff2d209914db736ca64380dab044d.tar.gz
rails-f86421fb282ff2d209914db736ca64380dab044d.tar.bz2
rails-f86421fb282ff2d209914db736ca64380dab044d.zip
1 files changed, 8 insertions, 8 deletions
diff --git a/actionpack/test/template/form_tag_helper_test.rb b/actionpack/test/template/form_tag_helper_test.rb
index 6ac5df1ea9..0ceec1afbf 100644
--- a/actionpack/test/template/form_tag_helper_test.rb
+++ b/actionpack/test/template/form_tag_helper_test.rb
@@ -127,19 +127,19 @@ class FormTagHelperTest < ActionView::TestCase
   end
 
   def test_select_tag
-    actual = select_tag "people", "<option>david</option>"
+    actual = select_tag "people", "<option>david</option>".html_safe
     expected = %(<select id="people" name="people"><option>david</option></select>)
     assert_dom_equal expected, actual
   end
 
   def test_select_tag_with_multiple
-    actual = select_tag "colors", "<option>Red</option><option>Blue</option><option>Green</option>", :multiple => :true
+    actual = select_tag "colors", "<option>Red</option><option>Blue</option><option>Green</option>".html_safe, :multiple => :true
     expected = %(<select id="colors" multiple="multiple" name="colors"><option>Red</option><option>Blue</option><option>Green</option></select>)
     assert_dom_equal expected, actual
   end
 
   def test_select_tag_disabled
-    actual = select_tag "places", "<option>Home</option><option>Work</option><option>Pub</option>", :disabled => :true
+    actual = select_tag "places", "<option>Home</option><option>Work</option><option>Pub</option>".html_safe, :disabled => :true
     expected = %(<select id="places" disabled="disabled" name="places"><option>Home</option><option>Work</option><option>Pub</option></select>)
     assert_dom_equal expected, actual
   end
@@ -150,13 +150,13 @@ class FormTagHelperTest < ActionView::TestCase
   end
 
   def test_select_tag_with_include_blank
-    actual = select_tag "places", "<option>Home</option><option>Work</option><option>Pub</option>", :include_blank => true
+    actual = select_tag "places", "<option>Home</option><option>Work</option><option>Pub</option>".html_safe, :include_blank => true
     expected = %(<select id="places" name="places"><option value=""></option><option>Home</option><option>Work</option><option>Pub</option></select>)
     assert_dom_equal expected, actual
   end
 
   def test_select_tag_with_include_blank_with_string
-    actual = select_tag "places", "<option>Home</option><option>Work</option><option>Pub</option>", :include_blank => "string"
+    actual = select_tag "places", "<option>Home</option><option>Work</option><option>Pub</option>".html_safe, :include_blank => "string"
     expected = %(<select id="places" name="places"><option value="">string</option><option>Home</option><option>Work</option><option>Pub</option></select>)
     assert_dom_equal expected, actual
   end
@@ -282,9 +282,9 @@ class FormTagHelperTest < ActionView::TestCase
     assert_dom_equal %(<input checked="checked" disabled="disabled" id="admin" name="admin" readonly="readonly" type="checkbox" value="1" />), check_box_tag("admin", 1, true, 'disabled' => true, :readonly => "yes")
     assert_dom_equal %(<input checked="checked" id="admin" name="admin" type="checkbox" value="1" />), check_box_tag("admin", 1, true, :disabled => false, :readonly => nil)
     assert_dom_equal %(<input type="checkbox" />), tag(:input, :type => "checkbox", :checked => false)
-    assert_dom_equal %(<select id="people" multiple="multiple" name="people[]"><option>david</option></select>), select_tag("people", "<option>david</option>", :multiple => true)
-    assert_dom_equal %(<select id="people_" multiple="multiple" name="people[]"><option>david</option></select>), select_tag("people[]", "<option>david</option>", :multiple => true)
-    assert_dom_equal %(<select id="people" name="people"><option>david</option></select>), select_tag("people", "<option>david</option>", :multiple => nil)
+    assert_dom_equal %(<select id="people" multiple="multiple" name="people[]"><option>david</option></select>), select_tag("people", "<option>david</option>".html_safe, :multiple => true)
+    assert_dom_equal %(<select id="people_" multiple="multiple" name="people[]"><option>david</option></select>), select_tag("people[]", "<option>david</option>".html_safe, :multiple => true)
+    assert_dom_equal %(<select id="people" name="people"><option>david</option></select>), select_tag("people", "<option>david</option>".html_safe, :multiple => nil)
   end
 
   def test_stringify_symbol_keys
author	Bruno Michel <bmichel@menfin.info>	2010-02-13 19:53:26 -0200
committer	Yehuda Katz <yehudakatz@YK.local>	2010-02-14 12:03:28 -0800
commit	f86421fb282ff2d209914db736ca64380dab044d (patch)
tree	d539bc4dac34268b5ed973bcfc9f80744d059c88 /actionpack/test/template/form_tag_helper_test.rb
parent	411c15ed5220cb07cfb1989d32be956f94a7478f (diff)
download	rails-f86421fb282ff2d209914db736ca64380dab044d.tar.gz rails-f86421fb282ff2d209914db736ca64380dab044d.tar.bz2 rails-f86421fb282ff2d209914db736ca64380dab044d.zip