diff options
author | Julien Letessier <julien.letessier@gmail.com> | 2013-12-13 16:53:18 +0000 |
---|---|---|
committer | Julien Letessier <julien.letessier@gmail.com> | 2013-12-14 10:10:47 +0000 |
commit | a764938ad0ddb0aa73bb86215626f24b980e3f55 (patch) | |
tree | 56f987fd0cfad5bc5afa7aa4ce7cfce11bb09439 /activesupport/lib/active_support | |
parent | 12affbe491e4ad7056c7bc1555cf223129cb2745 (diff) | |
download | rails-a764938ad0ddb0aa73bb86215626f24b980e3f55.tar.gz rails-a764938ad0ddb0aa73bb86215626f24b980e3f55.tar.bz2 rails-a764938ad0ddb0aa73bb86215626f24b980e3f55.zip |
Fixes interpolation on SafeBuffer
Interpolation was untested and did not work with hash arguments.
Adds
- support for interpolation with hash argument
- tests for the above
- tests for safe/unsafe interpolation
Diffstat (limited to 'activesupport/lib/active_support')
-rw-r--r-- | activesupport/lib/active_support/core_ext/string/output_safety.rb | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb index 1b2098fc84..1b20507c0b 100644 --- a/activesupport/lib/active_support/core_ext/string/output_safety.rb +++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb @@ -183,15 +183,14 @@ module ActiveSupport #:nodoc: end def %(args) - args = Array(args).map do |arg| - if !html_safe? || arg.html_safe? - arg - else - ERB::Util.h(arg) - end + case args + when Hash + escaped_args = Hash[args.map { |k,arg| [k, html_escape_interpolated_argument(arg)] }] + else + escaped_args = Array(args).map { |arg| html_escape_interpolated_argument(arg) } end - self.class.new(super(args)) + self.class.new(super(escaped_args)) end def html_safe? @@ -224,6 +223,12 @@ module ActiveSupport #:nodoc: EOT end end + + private + + def html_escape_interpolated_argument(arg) + (!html_safe? || arg.html_safe?) ? arg : ERB::Util.h(arg) + end end end |