diff options
| -rw-r--r-- | actionpack/CHANGELOG | 2 | ||||
| -rw-r--r-- | actionpack/lib/action_view/helpers/form_helper.rb | 1 | ||||
| -rw-r--r-- | actionpack/test/template/form_helper_test.rb | 16 |
3 files changed, 19 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index 65a5934bba..54030047ba 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,5 +1,7 @@ *SVN* +* Fixed that TextHelper#text_field would corrypt when raw HTML was used as the value (mchenryc, Kevin Glowacz) [#80] + * Added ActionController::TestCase#rescue_action_in_public! to control whether the action under test should use the regular rescue_action path instead of simply raising the exception inline (great for error testing) [DHH] * Reduce number of instance variables being copied from controller to view. [Pratik] diff --git a/actionpack/lib/action_view/helpers/form_helper.rb b/actionpack/lib/action_view/helpers/form_helper.rb index 4459ccbce5..65f4fb6e45 100644 --- a/actionpack/lib/action_view/helpers/form_helper.rb +++ b/actionpack/lib/action_view/helpers/form_helper.rb @@ -486,6 +486,7 @@ module ActionView end options["type"] = field_type options["value"] ||= value_before_type_cast(object) unless field_type == "file" + options["value"] &&= html_escape(options["value"]) add_default_name_and_id(options) tag("input", options) end diff --git a/actionpack/test/template/form_helper_test.rb b/actionpack/test/template/form_helper_test.rb index b4857fcb62..204575fd89 100644 --- a/actionpack/test/template/form_helper_test.rb +++ b/actionpack/test/template/form_helper_test.rb @@ -104,6 +104,14 @@ class FormHelperTest < ActionView::TestCase ) end + def test_text_field_with_html_entities + @post.title = "The HTML Entity for & is &" + assert_dom_equal( + '<input id="post_title" name="post[title]" size="30" type="text" value="The HTML Entity for & is &amp;" />', + text_field("post", "title") + ) + end + def test_text_field_with_options expected = '<input id="post_title" name="post[title]" size="35" type="text" value="Hello World" />' assert_dom_equal expected, text_field("post", "title", "size" => 35) @@ -227,6 +235,14 @@ class FormHelperTest < ActionView::TestCase ) end + def test_text_area_with_html_entities + @post.body = "The HTML Entity for & is &" + assert_dom_equal( + '<textarea cols="40" id="post_body" name="post[body]" rows="20">The HTML Entity for & is &amp;</textarea>', + text_area("post", "body") + ) + end + def test_text_area_with_size_option assert_dom_equal( '<textarea cols="183" id="post_body" name="post[body]" rows="820">Back to the hill and over it again!</textarea>', |