Diffstat (limited to 'actionview')
-rw-r--r-- | actionview/CHANGELOG.md | 18 | ||||
-rw-r--r-- | actionview/lib/action_view/helpers/atom_feed_helper.rb | 2 | ||||
-rw-r--r-- | actionview/lib/action_view/helpers/number_helper.rb | 14 | ||||
-rw-r--r-- | actionview/lib/action_view/helpers/text_helper.rb | 2 | ||||
-rw-r--r-- | actionview/lib/action_view/log_subscriber.rb | 4 | ||||
-rw-r--r-- | actionview/test/template/text_helper_test.rb | 5 |
6 files changed, 28 insertions, 17 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
index 4adf1dbd8f..9eb68db101 100644
--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -1,6 +1,10 @@
-* Ensure ActionView::Digestor.cache is correctly cleaned up when
- combining recursive templates with ActionView::Resolver.caching = false
-
+* Fix `simple_format` escapes own output when passing `sanitize: true`
+
+ *Paul Seidemann*
+
+* Ensure `ActionView::Digestor.cache` is correctly cleaned up when
+ combining recursive templates with `ActionView::Resolver.caching = false`.
+
 *wyaeld*
 * Fix `collection_check_boxes` generated hidden input to use the name attribute provided
@@ -8,7 +12,7 @@
 *Angel N. Sciortino*
-* Fix some edge cases for AV `select` helper with `:selected` option
+* Fix some edge cases for AV `select` helper with `:selected` option.
 *Bogdan Gusiev*
@@ -22,14 +26,14 @@
 *Bogdan Gusiev*
-* Handle `:namespace` form option in collection labels
+* Handle `:namespace` form option in collection labels.
 *Vasiliy Ermolovich*
-* Fix `form_for` when both `namespace` and `as` options are present
+* Fix `form_for` when both `namespace` and `as` options are present.
 `as` option no longer overwrites `namespace` option when generating
- html id attribute of the form element
+ html id attribute of the form element.
 *Adam Niedzielski*
diff --git a/actionview/lib/action_view/helpers/atom_feed_helper.rb b/actionview/lib/action_view/helpers/atom_feed_helper.rb
index 42b1dd8933..af70a4242a 100644
--- a/actionview/lib/action_view/helpers/atom_feed_helper.rb
+++ b/actionview/lib/action_view/helpers/atom_feed_helper.rb
@@ -64,7 +64,7 @@ module ActionView
 # 'xmlns:openSearch' => 'http://a9.com/-/spec/opensearch/1.1/'}) do |feed|
 # feed.title("My great blog!")
 # feed.updated((@posts.first.created_at))
- # feed.tag!(openSearch:totalResults, 10)
+ # feed.tag!('openSearch:totalResults', 10)
 #
 # @posts.each do |post|
 # feed.entry(post) do |entry|
diff --git a/actionview/lib/action_view/helpers/number_helper.rb b/actionview/lib/action_view/helpers/number_helper.rb
index 0a2011f87d..9adc2c1a8f 100644
--- a/actionview/lib/action_view/helpers/number_helper.rb
+++ b/actionview/lib/action_view/helpers/number_helper.rb
@@ -105,7 +105,7 @@ module ActionView
 # number_to_currency(1234567890.50, unit: "£", separator: ",", delimiter: "", format: "%n %u")
 # # => 1234567890,50 £
 def number_to_currency(number, options = {})
- delegate_number_helper_method(number, options, :number_to_currency)
+ delegate_number_helper_method(:number_to_currency, number, options)
 end
 # Formats a +number+ as a percentage string (e.g., 65%). You can
@@ -145,7 +145,7 @@ module ActionView
 #
 # number_to_percentage("98a", raise: true) # => InvalidNumberError
 def number_to_percentage(number, options = {})
- delegate_number_helper_method(number, options, :number_to_percentage)
+ delegate_number_helper_method(:number_to_percentage, number, options)
 end
 # Formats a +number+ with grouped thousands using +delimiter+
@@ -178,7 +178,7 @@ module ActionView
 #
 # number_with_delimiter("112a", raise: true) # => raise InvalidNumberError
 def number_with_delimiter(number, options = {})
- delegate_number_helper_method(number, options, :number_to_delimited)
+ delegate_number_helper_method(:number_to_delimited, number, options)
 end
 # Formats a +number+ with the specified level of
@@ -223,7 +223,7 @@ module ActionView
 # number_with_precision(1111.2345, precision: 2, separator: ',', delimiter: '.')
 # # => 1.111,23
 def number_with_precision(number, options = {})
- delegate_number_helper_method(number, options, :number_to_rounded)
+ delegate_number_helper_method(:number_to_rounded, number, options)
 end
 # Formats the bytes in +number+ into a more understandable
@@ -275,7 +275,7 @@ module ActionView
 # number_to_human_size(1234567890123, precision: 5) # => "1.1229 TB"
 # number_to_human_size(524288000, precision: 5) # => "500 MB"
 def number_to_human_size(number, options = {})
- delegate_number_helper_method(number, options, :number_to_human_size)
+ delegate_number_helper_method(:number_to_human_size, number, options)
 end
 # Pretty prints (formats and approximates) a number in a way it
@@ -377,12 +377,12 @@ module ActionView
 # number_to_human(0.34, units: :distance) # => "34 centimeters"
 #
 def number_to_human(number, options = {})
- delegate_number_helper_method(number, options, :number_to_human)
+ delegate_number_helper_method(:number_to_human, number, options)
 end
 private
- def delegate_number_helper_method(number, options, method)
+ def delegate_number_helper_method(method, number, options)
 return unless number
 options = escape_unsafe_delimiters_and_separators(options.symbolize_keys)
diff --git a/actionview/lib/action_view/helpers/text_helper.rb b/actionview/lib/action_view/helpers/text_helper.rb
index c23d605c5f..b0e4aa3cd3 100644
--- a/actionview/lib/action_view/helpers/text_helper.rb
+++ b/actionview/lib/action_view/helpers/text_helper.rb
@@ -268,7 +268,7 @@ module ActionView
 content_tag(wrapper_tag, nil, html_options)
 else
 paragraphs.map! { |paragraph|
- content_tag(wrapper_tag, paragraph, html_options, options[:sanitize])
+ content_tag(wrapper_tag, paragraph, html_options, false)
 }.join("\n\n").html_safe
 end
 end
diff --git a/actionview/lib/action_view/log_subscriber.rb b/actionview/lib/action_view/log_subscriber.rb
index 9336b29d0b..6c8d9cb5bf 100644
--- a/actionview/lib/action_view/log_subscriber.rb
+++ b/actionview/lib/action_view/log_subscriber.rb
@@ -30,7 +30,9 @@ module ActionView
 EMPTY = ''
 def from_rails_root(string)
- string.sub(rails_root, EMPTY).sub(VIEWS_PATTERN, EMPTY)
+ string = string.sub(rails_root, EMPTY)
+ string.sub!(VIEWS_PATTERN, EMPTY)
+ string
 end
 def rails_root
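Review bot: The hard-coded `false` as the fourth argument of `content_tag` disables escaping for every paragraph unconditionally, so the `.html_safe` on the joined result is only sound because the `sanitize` step earlier in `simple_format` (outside this hunk) already ran, or because the caller explicitly opted out with `sanitize: false` — and that invariant is not recorded next to the line that depends on it. If, as in ActionView's tag helper, the same flag is also forwarded to `tag_options`, then attribute values in `html_options` are no longer escaped on the `sanitize: true` path either (before this change that path passed `true`), so a caller building `html_options` from request data would need to escape it itself; worth confirming against `content_tag_string` and either escaping `html_options` here or documenting the expectation. I would add above the `content_tag` call: `# paragraphs were already sanitized above (unless the caller passed sanitize: false); escaping again here would double-encode the sanitized markup, and html_options is emitted as given.` simple_format begins outside this hunk.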
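Review bot: The three-line rewrite of `from_rails_root` needs a why-comment, because a reader will ask why the first call is `sub` and the second `sub!`: `sub` allocates a copy so the caller's `string` is never mutated, and `sub!` then edits only that copy, its `nil` return when `VIEWS_PATTERN` does not match being the reason `string` is returned explicitly on the last line. I would add above the first added line: `# sub (not sub!) so the caller's string is left untouched; the copy is then trimmed in place.` `rails_root` and `VIEWS_PATTERN` are defined outside this hunk.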
diff --git a/actionview/test/template/text_helper_test.rb b/actionview/test/template/text_helper_test.rb
index c2999fcb85..c624326683 100644
--- a/actionview/test/template/text_helper_test.rb
+++ b/actionview/test/template/text_helper_test.rb
@@ -42,6 +42,11 @@ class TextHelperTest < ActionView::TestCase
 assert_equal "<p><b> test with unsafe string </b></p>", simple_format("<b> test with unsafe string </b><script>code!</script>")
 end
+ def test_simple_format_should_sanitize_input_when_sanitize_option_is_true
+ assert_equal '<p><b> test with unsafe string </b></p>',
+ simple_format('<b> test with unsafe string </b><script>code!</script>', {}, sanitize: true)
+ end
+
 def test_simple_format_should_not_sanitize_input_when_sanitize_option_is_false
 assert_equal "<p><b> test with unsafe string </b><script>code!</script></p>", simple_format("<b> test with unsafe string </b><script>code!</script>", {}, :sanitize => false)
 end |
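Review bot: The new test pins that sanitized markup is not double-escaped under `sanitize: true`, but nothing covers `html_options` on that path, which is the other thing `content_tag`'s escape flag governed before the helper started passing `false` unconditionally. I would add a case such as `simple_format('text', { class: 'a"b' }, sanitize: true)` with an exact expected string, so the treatment of attribute values under the new flag is recorded in the suite rather than left implicit. The test class continues outside this hunk.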