diff options
| -rw-r--r-- | actionpack/CHANGELOG | 44 | ||||
| -rw-r--r-- | actionpack/lib/action_view/template.rb | 3 | ||||
| -rw-r--r-- | actionpack/test/template/template_test.rb | 5 |
3 files changed, 31 insertions, 21 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index 5314dcc193..1965906df9 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,5 +1,28 @@ *Rails 3.2.0 (unreleased)* +* Refactor ActionController::TestCase cookies [Andrew White] + + Assigning cookies for test cases should now use cookies[], e.g: + + cookies[:email] = 'user@example.com' + get :index + assert_equal 'user@example.com', cookies[:email] + + To clear the cookies, use clear, e.g: + + cookies.clear + get :index + assert_nil cookies[:email] + + We now no longer write out HTTP_COOKIE and the cookie jar is + persistent between requests so if you need to manipulate the environment + for your test you need to do it before the cookie jar is created. + + +*Rails 3.1.0 (unreleased)* + +* json_escape will now return a SafeBuffer string if it receives SafeBuffer string [tenderlove] + * Make sure escape_js returns SafeBuffer string if it receives SafeBuffer string [Prem Sichanugrist] * Fix escape_js to work correctly with the new SafeBuffer restriction [Paul Gallagher] @@ -31,27 +54,6 @@ You can read more about this change in http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2e516e7acc96c4fb -* Refactor ActionController::TestCase cookies [Andrew White] - - Assigning cookies for test cases should now use cookies[], e.g: - - cookies[:email] = 'user@example.com' - get :index - assert_equal 'user@example.com', cookies[:email] - - To clear the cookies, use clear, e.g: - - cookies.clear - get :index - assert_nil cookies[:email] - - We now no longer write out HTTP_COOKIE and the cookie jar is - persistent between requests so if you need to manipulate the environment - for your test you need to do it before the cookie jar is created. - - -*Rails 3.1.0 (unreleased)* - * Added 'ActionView::Helpers::FormHelper.fields_for_with_index', similar to fields_for but allows to have access to the current iteration index [Jorge Bejar] * Warn if we cannot verify CSRF token authenticity [José Valim] diff --git a/actionpack/lib/action_view/template.rb b/actionpack/lib/action_view/template.rb index 10797c010f..9c59d18310 100644 --- a/actionpack/lib/action_view/template.rb +++ b/actionpack/lib/action_view/template.rb @@ -218,6 +218,9 @@ module ActionView method_name = self.method_name if source.encoding_aware? + # Avoid performing in-place mutation for SafeBuffer + @source = source.to_str if source.html_safe? + # Look for # encoding: *. If we find one, we'll encode the # String in that encoding, otherwise, we'll use the # default external encoding. diff --git a/actionpack/test/template/template_test.rb b/actionpack/test/template/template_test.rb index b0ca7de0b6..2beb168a9d 100644 --- a/actionpack/test/template/template_test.rb +++ b/actionpack/test/template/template_test.rb @@ -172,5 +172,10 @@ class TestERBTemplate < ActiveSupport::TestCase ensure silence_warnings { Encoding.default_external = old } end + + def test_render_inline_safebuffer_should_not_raise_error + @template = new_template("Hello".html_safe) + render + end end end |