authorpseidemann <paul.seidemann@gmail.com>2013-11-08 17:13:59 +0100
committerpseidemann <paul.seidemann@gmail.com>2013-11-08 17:13:59 +0100
commit881a2cc9071a3447d562ba358ccd1cf370124617 (patch)
tree97293b4c62cec987fc52a5cd22e03e19f4f1ee3d /actionview
parent37d4bfbfd9c49cdddcafdc135165b2d6932b074a (diff)
fix simple_format escaping its own output when sanitize is set to true
Diffstat (limited to 'actionview')
-rw-r--r--actionview/CHANGELOG.md6
-rw-r--r--actionview/lib/action_view/helpers/text_helper.rb2
-rw-r--r--actionview/test/template/text_helper_test.rb5
3 files changed, 11 insertions, 2 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
index 4adf1dbd8f..7d2fedbf2a 100644
--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -1,6 +1,10 @@
+* Fix `simple_format` escapes own output when passing `sanitize: true`
+
+ *Paul Seidemann*
+
* Ensure ActionView::Digestor.cache is correctly cleaned up when
combining recursive templates with ActionView::Resolver.caching = false
-
+
*wyaeld*
* Fix `collection_check_boxes` generated hidden input to use the name attribute provided
diff --git a/actionview/lib/action_view/helpers/text_helper.rb b/actionview/lib/action_view/helpers/text_helper.rb
index c23d605c5f..b0e4aa3cd3 100644
--- a/actionview/lib/action_view/helpers/text_helper.rb
+++ b/actionview/lib/action_view/helpers/text_helper.rb
@@ -268,7 +268,7 @@ module ActionView
content_tag(wrapper_tag, nil, html_options)
else
paragraphs.map! { |paragraph|
- content_tag(wrapper_tag, paragraph, html_options, options[:sanitize])
+ content_tag(wrapper_tag, paragraph, html_options, false)
}.join("\n\n").html_safe
end
end
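Review bot: The hard-coded `false` escape argument on the changed line is only correct because of the sanitize step that presumably runs earlier in `simple_format` (outside this hunk), and nothing at the call site says so; a comment would keep a future reader from "fixing" it back, e.g. `# Never escape here: when options[:sanitize] is true the text was already sanitized above, and sanitize: false means the caller explicitly asked for raw HTML.` The old `options[:sanitize]` argument escaped already-sanitized text a second time when the option was `true`, while an omitted option passed `nil` and escaped nothing, so the paths were inconsistent and the literal `false` is the right unification. It is worth stating in the helper's documentation that with `sanitize: false` the paragraphs are joined and marked `html_safe` on the next line without any escaping, which this commit leaves unchanged. The body of `simple_format` starts before the hunk.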
diff --git a/actionview/test/template/text_helper_test.rb b/actionview/test/template/text_helper_test.rb
index c2999fcb85..c624326683 100644
--- a/actionview/test/template/text_helper_test.rb
+++ b/actionview/test/template/text_helper_test.rb
@@ -42,6 +42,11 @@ class TextHelperTest < ActionView::TestCase
assert_equal "<p><b> test with unsafe string </b></p>", simple_format("<b> test with unsafe string </b><script>code!</script>")
end
+ def test_simple_format_should_sanitize_input_when_sanitize_option_is_true
+ assert_equal '<p><b> test with unsafe string </b></p>',
+ simple_format('<b> test with unsafe string </b><script>code!</script>', {}, sanitize: true)
+ end
+
def test_simple_format_should_not_sanitize_input_when_sanitize_option_is_false
assert_equal "<p><b> test with unsafe string </b><script>code!</script></p>", simple_format("<b> test with unsafe string </b><script>code!</script>", {}, :sanitize => false)
end
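Review bot: The new test uses single-quoted string literals for both the expected value and the input, while the adjacent tests in this file (visible above and below the insertion) use double quotes; matching the surrounding style keeps the file consistent, e.g. `assert_equal "<p><b> test with unsafe string </b></p>",` and `simple_format("<b> test with unsafe string </b><script>code!</script>", {}, sanitize: true)`. The assertion itself does pin the fix, since the retained `<b>` tags would come back HTML-escaped under the previous `options[:sanitize]` argument.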