Diffstat (limited to 'activesupport/lib/active_support/core_ext/string/output_safety.rb')
-rw-r--r--activesupport/lib/active_support/core_ext/string/output_safety.rb16
1 files changed, 15 insertions, 1 deletions
diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb
index c27cbc37c5..20e40fe40f 100644
--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -51,7 +51,8 @@ class ERB
# <%=j @person.to_json %>
#
def json_escape(s)
- s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
+ result = s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
+ s.html_safe? ? result.html_safe : result
end
alias j json_escape
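Review bot: The new return line in `json_escape` changes the method's safety contract, but the doc comment above it says nothing about when the result is marked `html_safe`. The only visible usage example, `<%=j @person.to_json %>`, presumably passes a plain String, so that call path never takes the new branch and readers cannot tell which callers get a safe buffer back. I would add a comment such as `# Returns an html_safe string only when +s+ was already html_safe; every JSON_ESCAPE replacement must itself be HTML-safe.` above the method. The second half matters because the re-marking is only sound while every value in `JSON_ESCAPE`, which is defined outside this hunk, stays free of HTML metacharacters.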
@@ -74,6 +75,7 @@ end
module ActiveSupport #:nodoc:
class SafeBuffer < String
+ UNSAFE_STRING_METHODS = ["capitalize", "chomp", "chop", "delete", "downcase", "gsub", "lstrip", "next", "reverse", "rstrip", "slice", "squeeze", "strip", "sub", "succ", "swapcase", "tr", "tr_s", "upcase"].freeze
alias safe_concat concat
def concat(value)
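Review bot: `UNSAFE_STRING_METHODS` is a denylist, so any content-altering String method not named in it still returns a SafeBuffer with the safe flag intact. `slice` is listed but its alias `[]` is not, and methods that splice caller-supplied text into the receiver (`insert`, `replace`, `[]=`, `%`, `center`/`ljust`/`rjust` with a pad string) are absent. Whether the class overrides any of these elsewhere is not visible here, since its body continues outside the hunk. I would state the membership rule next to the constant, e.g. `# Every String method whose result can differ from the receiver must be listed here; unlisted methods keep the html_safe flag.`, and add a test that walks `String.instance_methods` so new Ruby methods are not silently trusted.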
@@ -110,6 +112,18 @@ module ActiveSupport #:nodoc:
to_str.to_yaml(*args)
end
+
+ UNSAFE_STRING_METHODS.each do |unsafe_method|
+ class_eval <<-EOT, __FILE__, __LINE__
+ def #{unsafe_method}(*args)
+ super.to_str
+ end
+
+ def #{unsafe_method}!(*args)
+ raise TypeError, "Cannot modify SafeBuffer in place"
+ end
+ EOT
+ end
end
end
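Review bot: `super.to_str` in the generated non-bang method raises NoMethodError when the wrapped method returns nil, which `String#slice` does for an out-of-range index, so `buffer.slice(100)` on a short buffer now raises instead of returning nil. Guard the conversion, for example `result = super` followed by `result && result.to_str`. The heredoc is evaluated with `__FILE__, __LINE__`, so backtraces from the generated methods point one line early; `__FILE__, __LINE__ + 1` is the usual form. Blocks passed to the wrapped `gsub` or `sub` will likely stop seeing `$1` and `$~`, because Ruby sets those in the wrapper's frame rather than the caller's, which deserves a comment or a test.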