diff options
| author | Jeremy Kemper <jeremy@bitsweat.net> | 2013-12-16 06:54:48 -0800 |
|---|---|---|
| committer | Jeremy Kemper <jeremy@bitsweat.net> | 2013-12-16 06:54:48 -0800 |
| commit | e7b8769cbc821f07f1bd3505999da8d610bed538 (patch) | |
| tree | 38c155f29c785a62940835445e0dce03a3224dac /activesupport | |
| parent | 4b4aeabb3605bd0cbd7dde10c1d2ac990c65379a (diff) | |
| parent | a764938ad0ddb0aa73bb86215626f24b980e3f55 (diff) | |
| download | rails-e7b8769cbc821f07f1bd3505999da8d610bed538.tar.gz rails-e7b8769cbc821f07f1bd3505999da8d610bed538.tar.bz2 rails-e7b8769cbc821f07f1bd3505999da8d610bed538.zip | |
Merge pull request #13321 from mezis/fix-safebuffer-interpolation-master
Fixes interpolation on SafeBuffer
Diffstat (limited to 'activesupport')
| -rw-r--r-- | activesupport/lib/active_support/core_ext/string/output_safety.rb | 19 | ||||
| -rw-r--r-- | activesupport/test/safe_buffer_test.rb | 25 |
2 files changed, 37 insertions, 7 deletions
diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb index 1b2098fc84..1b20507c0b 100644 --- a/activesupport/lib/active_support/core_ext/string/output_safety.rb +++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb @@ -183,15 +183,14 @@ module ActiveSupport #:nodoc: end def %(args) - args = Array(args).map do |arg| - if !html_safe? || arg.html_safe? - arg - else - ERB::Util.h(arg) - end + case args + when Hash + escaped_args = Hash[args.map { |k,arg| [k, html_escape_interpolated_argument(arg)] }] + else + escaped_args = Array(args).map { |arg| html_escape_interpolated_argument(arg) } end - self.class.new(super(args)) + self.class.new(super(escaped_args)) end def html_safe? @@ -224,6 +223,12 @@ module ActiveSupport #:nodoc: EOT end end + + private + + def html_escape_interpolated_argument(arg) + (!html_safe? || arg.html_safe?) ? arg : ERB::Util.h(arg) + end end end diff --git a/activesupport/test/safe_buffer_test.rb b/activesupport/test/safe_buffer_test.rb index 047b89be2a..efa9d5e61f 100644 --- a/activesupport/test/safe_buffer_test.rb +++ b/activesupport/test/safe_buffer_test.rb @@ -140,4 +140,29 @@ class SafeBufferTest < ActiveSupport::TestCase # should still be unsafe assert !y.html_safe?, "should not be safe" end + + test 'Should work with interpolation (array argument)' do + x = 'foo %s bar'.html_safe % ['qux'] + assert_equal 'foo qux bar', x + end + + test 'Should work with interpolation (hash argument)' do + x = 'foo %{x} bar'.html_safe % { x: 'qux' } + assert_equal 'foo qux bar', x + end + + test 'Should escape unsafe interpolated args' do + x = 'foo %{x} bar'.html_safe % { x: '<br/>' } + assert_equal 'foo <br/> bar', x + end + + test 'Should not escape safe interpolated args' do + x = 'foo %{x} bar'.html_safe % { x: '<br/>'.html_safe } + assert_equal 'foo <br/> bar', x + end + + test 'Should interpolate to a safe string' do + x = 'foo %{x} bar'.html_safe % { x: 'qux' } + assert x.html_safe?, 'should be safe' + end end |