authorJosé Valim <jose.valim@gmail.com>2009-06-27 21:27:21 +0200
committerJosé Valim <jose.valim@gmail.com>2009-06-27 21:27:21 +0200
commit85ff67ce4c0e95de9b855af7f7e7fbab7f7726de (patch)
tree3eb1914ed2ac7261405df22015fc4b33578bbe3c /actionpack
parente375819b76ac04bc60fd516b15bbe42c093eb547 (diff)
parent085db5e128ad4ad8fd042776722c78e194c6d0a4 (diff)
Merge branch 'master' of git://github.com/rails/rails
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/lib/action_controller/base/filter_parameter_logging.rb4
-rw-r--r--actionpack/lib/action_view/helpers/form_tag_helper.rb5
-rw-r--r--actionpack/test/controller/filter_params_test.rb3
-rw-r--r--actionpack/test/template/form_tag_helper_test.rb12
4 files changed, 23 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/base/filter_parameter_logging.rb b/actionpack/lib/action_controller/base/filter_parameter_logging.rb
index 26cd03f277..065e62a37f 100644
--- a/actionpack/lib/action_controller/base/filter_parameter_logging.rb
+++ b/actionpack/lib/action_controller/base/filter_parameter_logging.rb
@@ -43,6 +43,10 @@ module ActionController
filtered_parameters[key] = '[FILTERED]'
elsif value.is_a?(Hash)
filtered_parameters[key] = filter_parameters(value)
+ elsif value.is_a?(Array)
+ filtered_parameters[key] = value.collect do |item|
+ filter_parameters(item)
+ end
elsif block_given?
key = key.dup
value = value.dup if value
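Review bot: The new `elsif value.is_a?(Array)` branch passes every element to `filter_parameters` without checking its type, while the neighbouring branches treat that argument as a key/value collection. An array of plain strings, which is what a parameter such as `ids[]` produces, would presumably raise or be logged in a mangled form, so request logging could fail or stop reflecting what was sent. Recursing only for hash items keeps scalars intact: `item.is_a?(Hash) ? filter_parameters(item) : item`. The case added in filter_params_test.rb covers only an array of hashes, so a row with an array of strings would pin this down. The method body starts and ends outside this hunk.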
diff --git a/actionpack/lib/action_view/helpers/form_tag_helper.rb b/actionpack/lib/action_view/helpers/form_tag_helper.rb
index 8ab78e7bc6..ca6ba501e2 100644
--- a/actionpack/lib/action_view/helpers/form_tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_tag_helper.rb
@@ -231,6 +231,8 @@ module ActionView
# * <tt>:rows</tt> - Specify the number of rows in the textarea
# * <tt>:cols</tt> - Specify the number of columns in the textarea
# * <tt>:disabled</tt> - If set to true, the user will not be able to use this input.
+ # * <tt>:escape</tt> - By default, the contents of the text input are HTML escaped.
+ # If you need unescaped contents, set this to false.
# * Any other key creates standard HTML attributes for the tag.
#
# ==== Examples
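Review bot: The added `:escape` entry does not say when turning escaping off is safe, and it calls the element a "text input" although this helper renders a textarea. With `:escape => false` the content is placed in the page as given, so the doc should state that the caller is then responsible for it, for example `# Only set this to false for content that is already escaped or otherwise trusted.` Rewording the first line to "the contents of the text area are HTML escaped" would match the helper.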
@@ -258,6 +260,9 @@ module ActionView
options["cols"], options["rows"] = size.split("x") if size.respond_to?(:split)
end
+ escape = options.key?("escape") ? options.delete("escape") : true
+ content = html_escape(content) if escape
+
content_tag :textarea, content, { "name" => name, "id" => sanitize_to_id(name) }.update(options.stringify_keys)
end
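Review bot: The line `escape = options.key?("escape") ? options.delete("escape") : true` turns escaping off for any falsy value, so a forwarded `:escape => nil` (an unset variable, a missing config entry) silently disables it. For an output-encoding switch it is safer to fail closed and disable only on an explicit `false`: `escape = options.delete("escape") != false`. The tests added in form_tag_helper_test.rb cover the default and `:escape => false` but not the `nil` case. The method body starts before this hunk.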
diff --git a/actionpack/test/controller/filter_params_test.rb b/actionpack/test/controller/filter_params_test.rb
index 8c9e4f81de..f7864745eb 100644
--- a/actionpack/test/controller/filter_params_test.rb
+++ b/actionpack/test/controller/filter_params_test.rb
@@ -40,7 +40,8 @@ class FilterParamTest < ActionController::TestCase
[{'foo'=>'bar', 'bar'=>'foo'},{'foo'=>'[FILTERED]', 'bar'=>'foo'},%w'foo baz'],
[{'foo'=>'bar', 'baz'=>'foo'},{'foo'=>'[FILTERED]', 'baz'=>'[FILTERED]'},%w'foo baz'],
[{'bar'=>{'foo'=>'bar','bar'=>'foo'}},{'bar'=>{'foo'=>'[FILTERED]','bar'=>'foo'}},%w'fo'],
- [{'foo'=>{'foo'=>'bar','bar'=>'foo'}},{'foo'=>'[FILTERED]'},%w'f banana']]
+ [{'foo'=>{'foo'=>'bar','bar'=>'foo'}},{'foo'=>'[FILTERED]'},%w'f banana'],
+ [{'baz'=>[{'foo'=>'baz'}]}, {'baz'=>[{'foo'=>'[FILTERED]'}]}, %w(foo)]]
test_hashes.each do |before_filter, after_filter, filter_words|
FilterParamController.filter_parameter_logging(*filter_words)
diff --git a/actionpack/test/template/form_tag_helper_test.rb b/actionpack/test/template/form_tag_helper_test.rb
index 09d199b75d..f387123117 100644
--- a/actionpack/test/template/form_tag_helper_test.rb
+++ b/actionpack/test/template/form_tag_helper_test.rb
@@ -159,6 +159,18 @@ class FormTagHelperTest < ActionView::TestCase
assert_match VALID_HTML_ID, input_elem['id']
end
+ def test_text_area_tag_escape_content
+ actual = text_area_tag "body", "<b>hello world</b>", :size => "20x40"
+ expected = %(<textarea cols="20" id="body" name="body" rows="40">&lt;b&gt;hello world&lt;/b&gt;</textarea>)
+ assert_dom_equal expected, actual
+ end
+
+ def test_text_area_tag_unescaped_content
+ actual = text_area_tag "body", "<b>hello world</b>", :size => "20x40", :escape => false
+ expected = %(<textarea cols="20" id="body" name="body" rows="40"><b>hello world</b></textarea>)
+ assert_dom_equal expected, actual
+ end
+
def test_text_field_tag
actual = text_field_tag "title", "Hello!"
expected = %(<input id="title" name="title" type="text" value="Hello!" />)