diff options
Diffstat (limited to 'actionview')
| -rw-r--r-- | actionview/CHANGELOG.md | 7 | ||||
| -rw-r--r-- | actionview/lib/action_view/helpers/debug_helper.rb | 2 | ||||
| -rw-r--r-- | actionview/lib/action_view/helpers/text_helper.rb | 7 | ||||
| -rw-r--r-- | actionview/lib/action_view/layouts.rb | 2 | ||||
| -rw-r--r-- | actionview/test/activerecord/debug_helper_test.rb | 6 | ||||
| -rw-r--r-- | actionview/test/template/number_helper_test.rb | 4 |
6 files changed, 25 insertions, 3 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md index 101f1263d9..82a636315a 100644 --- a/actionview/CHANGELOG.md +++ b/actionview/CHANGELOG.md @@ -1,3 +1,10 @@ +* `number_to_percentage` does not crash with `Float::NAN` or `Float::INFINITY` + as input when `precision: 0` is used. + + Fixes #19227. + + *Yves Senn* + * Fixed the translation helper method to accept different default values types besides String. diff --git a/actionview/lib/action_view/helpers/debug_helper.rb b/actionview/lib/action_view/helpers/debug_helper.rb index ba47eee9ba..e9dccbad1c 100644 --- a/actionview/lib/action_view/helpers/debug_helper.rb +++ b/actionview/lib/action_view/helpers/debug_helper.rb @@ -26,7 +26,7 @@ module ActionView Marshal::dump(object) object = ERB::Util.html_escape(object.to_yaml) content_tag(:pre, object, :class => "debug_dump") - rescue Exception # errors from Marshal or YAML + rescue # errors from Marshal or YAML # Object couldn't be dumped, perhaps because of singleton methods -- this is the fallback content_tag(:code, object.inspect, :class => "debug_dump") end diff --git a/actionview/lib/action_view/helpers/text_helper.rb b/actionview/lib/action_view/helpers/text_helper.rb index 2c40ed1832..c216d4401f 100644 --- a/actionview/lib/action_view/helpers/text_helper.rb +++ b/actionview/lib/action_view/helpers/text_helper.rb @@ -103,7 +103,9 @@ module ActionView # Highlights one or more +phrases+ everywhere in +text+ by inserting it into # a <tt>:highlighter</tt> string. The highlighter can be specialized by passing <tt>:highlighter</tt> # as a single-quoted string with <tt>\1</tt> where the phrase is to be inserted (defaults to - # '<mark>\1</mark>') or passing a block that receives each matched term. + # '<mark>\1</mark>') or passing a block that receives each matched term. By default +text+ + # is sanitized to prevent possible XSS attacks. If the input is trustworthy, passing false + # for <tt>:sanitize</tt> will turn sanitizing off. # # highlight('You searched for: rails', 'rails') # # => You searched for: <mark>rails</mark> @@ -122,6 +124,9 @@ module ActionView # # highlight('You searched for: rails', 'rails') { |match| link_to(search_path(q: match, match)) } # # => You searched for: <a href="search?q=rails">rails</a> + # + # highlight('<a href="javascript:alert(\'no!\')">ruby</a> on rails', 'rails', sanitize: false) + # # => "<a>ruby</a> on <mark>rails</mark>" def highlight(text, phrases, options = {}) text = sanitize(text) if options.fetch(:sanitize, true) diff --git a/actionview/lib/action_view/layouts.rb b/actionview/lib/action_view/layouts.rb index 0b5c0b9991..9d636c8c9e 100644 --- a/actionview/lib/action_view/layouts.rb +++ b/actionview/lib/action_view/layouts.rb @@ -228,7 +228,7 @@ module ActionView # set by the <tt>layout</tt> method. # # ==== Returns - # * <tt> Boolean</tt> - True if the action has a layout definition, false otherwise. + # * <tt>Boolean</tt> - True if the action has a layout definition, false otherwise. def _conditional_layout? return unless super diff --git a/actionview/test/activerecord/debug_helper_test.rb b/actionview/test/activerecord/debug_helper_test.rb index 5609694cd5..03cb1d5a91 100644 --- a/actionview/test/activerecord/debug_helper_test.rb +++ b/actionview/test/activerecord/debug_helper_test.rb @@ -1,8 +1,14 @@ require 'active_record_unit' +require 'nokogiri' class DebugHelperTest < ActionView::TestCase def test_debug company = Company.new(name: "firebase") assert_match "name: firebase", debug(company) end + + def test_debug_with_marshal_error + obj = -> { } + assert_match obj.inspect, Nokogiri.XML(debug(obj)).content + end end diff --git a/actionview/test/template/number_helper_test.rb b/actionview/test/template/number_helper_test.rb index b59883b760..b70b750869 100644 --- a/actionview/test/template/number_helper_test.rb +++ b/actionview/test/template/number_helper_test.rb @@ -35,6 +35,10 @@ class NumberHelperTest < ActionView::TestCase assert_equal "98a%", number_to_percentage("98a") assert_equal "NaN%", number_to_percentage(Float::NAN) assert_equal "Inf%", number_to_percentage(Float::INFINITY) + assert_equal "NaN%", number_to_percentage(Float::NAN, precision: 0) + assert_equal "Inf%", number_to_percentage(Float::INFINITY, precision: 0) + assert_equal "NaN%", number_to_percentage(Float::NAN, precision: 1) + assert_equal "Inf%", number_to_percentage(Float::INFINITY, precision: 1) end def test_number_with_delimiter |