diff options
| author | Santiago Pastorino <santiago@wyeworks.com> | 2016-01-05 16:48:09 -0300 |
|---|---|---|
| committer | Santiago Pastorino <santiago@wyeworks.com> | 2016-01-05 16:54:39 -0300 |
| commit | 8a998b0fa7523c2c8eb6d0cf56e40408bf6e9b2e (patch) | |
| tree | ef2882e2bc4ac881234c39b72e85893567570ef7 /actionview/lib/action_view/template/handlers | |
| parent | 3d90a6348d1541a2ecd00d959f9eec99ec78905a (diff) | |
| download | rails-8a998b0fa7523c2c8eb6d0cf56e40408bf6e9b2e.tar.gz rails-8a998b0fa7523c2c8eb6d0cf56e40408bf6e9b2e.tar.bz2 rails-8a998b0fa7523c2c8eb6d0cf56e40408bf6e9b2e.zip | |
Add Html template handler that wraps Raw output in an OutputBuffer
This fixes the case when you try to render an html you know safe and the
file is named something.html. With this commit the content of the html
won't be escaped anymore because AV won't use Raw handler and choose
Html handler instead.
Diffstat (limited to 'actionview/lib/action_view/template/handlers')
| -rw-r--r-- | actionview/lib/action_view/template/handlers/html.rb | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/actionview/lib/action_view/template/handlers/html.rb b/actionview/lib/action_view/template/handlers/html.rb new file mode 100644 index 0000000000..ccaa8d1469 --- /dev/null +++ b/actionview/lib/action_view/template/handlers/html.rb @@ -0,0 +1,9 @@ +module ActionView + module Template::Handlers + class Html < Raw + def call(template) + "ActionView::OutputBuffer.new #{super}" + end + end + end +end |