diff options
-rw-r--r-- | actionpack/lib/action_view/helpers/text_helper.rb | 8 | ||||
-rw-r--r-- | actionpack/test/template/text_helper_test.rb | 17 |
2 files changed, 12 insertions, 13 deletions
diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb index a06073ce66..700c0b9e3b 100644 --- a/actionpack/lib/action_view/helpers/text_helper.rb +++ b/actionpack/lib/action_view/helpers/text_helper.rb @@ -74,7 +74,7 @@ module ActionView options.reverse_merge!(:length => 30) - text = sanitize(text) unless text.html_safe? || options[:safe] + text = h(text) unless text.html_safe? || options[:safe] text.truncate(options.delete(:length), options) if text end @@ -106,7 +106,7 @@ module ActionView end options.reverse_merge!(:highlighter => '<strong class="highlight">\1</strong>') - text = sanitize(text) unless text.html_safe? || options[:safe] + text = h(text) unless text.html_safe? || options[:safe] if text.blank? || phrases.blank? text else @@ -244,7 +244,7 @@ module ActionView def simple_format(text, html_options={}, options={}) text = '' if text.nil? start_tag = tag('p', html_options, true) - text = sanitize(text) unless text.html_safe? || options[:safe] + text = h(text) unless text.html_safe? || options[:safe] text.gsub!(/\r\n?/, "\n") # \r\n and \r -> \n text.gsub!(/\n\n+/, "</p>\n\n#{start_tag}") # 2+ newline -> paragraph text.gsub!(/([^\n]\n)(?=[^\n])/, '\1<br />') # 1 newline -> br @@ -503,7 +503,7 @@ module ActionView text.html_safe else display_text = (block_given?) ? yield(text) : text - display_text = sanitize(display_text) unless options[:safe] + display_text = h(display_text) unless options[:safe] mail_to text, display_text, html_options end end diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb index 17fc8b6edd..108cf510ff 100644 --- a/actionpack/test/template/text_helper_test.rb +++ b/actionpack/test/template/text_helper_test.rb @@ -41,7 +41,7 @@ class TextHelperTest < ActionView::TestCase end def test_simple_format_should_sanitize_unsafe_input - assert_equal "<p><b> test with unsafe string </b></p>", simple_format("<b> test with unsafe string </b><script>code!</script>") + assert_equal "<p><b> test with unsafe string </b><script>code!</script></p>", simple_format("<b> test with unsafe string </b><script>code!</script>") end def test_simple_format_should_not_sanitize_input_if_safe_option @@ -62,8 +62,7 @@ class TextHelperTest < ActionView::TestCase end def test_truncate_should_sanitize_unsafe_input - assert_equal "Hello World!", truncate("Hello <script>code!</script>World!", :length => 12) - assert_equal "Hello Wor...", truncate("Hello <script>code!</script>World!!", :length => 12) + assert_equal "Hello <...", truncate("Hello <script>code!</script>World!!", :length => 12) end def test_truncate_should_not_sanitize_input_if_safe_option @@ -141,7 +140,7 @@ class TextHelperTest < ActionView::TestCase def test_highlight_should_sanitize_unsafe_input assert_equal( - "This is a <strong class=\"highlight\">beautiful</strong> morning", + "This is a <strong class=\"highlight\">beautiful</strong> morning<script>code!</script>", highlight("This is a beautiful morning<script>code!</script>", "beautiful") ) end @@ -190,23 +189,23 @@ class TextHelperTest < ActionView::TestCase def test_highlight_with_html assert_equal( - "<p>This is a <strong class=\"highlight\">beautiful</strong> morning, but also a <strong class=\"highlight\">beautiful</strong> day</p>", + "<p>This is a <strong class=\"highlight\">beautiful</strong> morning, but also a <strong class=\"highlight\">beautiful</strong> day</p>", highlight("<p>This is a beautiful morning, but also a beautiful day</p>", "beautiful") ) assert_equal( - "<p>This is a <em><strong class=\"highlight\">beautiful</strong></em> morning, but also a <strong class=\"highlight\">beautiful</strong> day</p>", + "<p>This is a <em><strong class=\"highlight\">beautiful</strong></em> morning, but also a <strong class=\"highlight\">beautiful</strong> day</p>", highlight("<p>This is a <em>beautiful</em> morning, but also a beautiful day</p>", "beautiful") ) assert_equal( - "<p>This is a <em class=\"error\"><strong class=\"highlight\">beautiful</strong></em> morning, but also a <strong class=\"highlight\">beautiful</strong> <span class=\"last\">day</span></p>", + "<p>This is a <em class="error"><strong class=\"highlight\">beautiful</strong></em> morning, but also a <strong class=\"highlight\">beautiful</strong> <span class="last">day</span></p>", highlight("<p>This is a <em class=\"error\">beautiful</em> morning, but also a beautiful <span class=\"last\">day</span></p>", "beautiful") ) assert_equal( - "<p class=\"beautiful\">This is a <strong class=\"highlight\">beautiful</strong> morning, but also a <strong class=\"highlight\">beautiful</strong> day</p>", + "<p class="<strong class=\"highlight\">beautiful</strong>">This is a <strong class=\"highlight\">beautiful</strong> morning, but also a <strong class=\"highlight\">beautiful</strong> day</p>", highlight("<p class=\"beautiful\">This is a beautiful morning, but also a beautiful day</p>", "beautiful") ) assert_equal( - "<p>This is a <strong class=\"highlight\">beautiful</strong> <a href=\"http://example.com/beautiful\#top?what=beautiful%20morning&when=now+then\">morning</a>, but also a <strong class=\"highlight\">beautiful</strong> day</p>", + "<p>This is a <strong class=\"highlight\">beautiful</strong> <a href="http://example.com/<strong class=\"highlight\">beautiful</strong>#top?what=<strong class=\"highlight\">beautiful</strong>%20morning&when=now+then">morning</a>, but also a <strong class=\"highlight\">beautiful</strong> day</p>", highlight("<p>This is a beautiful <a href=\"http://example.com/beautiful\#top?what=beautiful%20morning&when=now+then\">morning</a>, but also a beautiful day</p>", "beautiful") ) end |