diff options
Diffstat (limited to 'activesupport/lib/active_support/core_ext/string/output_safety.rb')
| -rw-r--r-- | activesupport/lib/active_support/core_ext/string/output_safety.rb | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb index 8b8aa2b380..c56ac16203 100644 --- a/activesupport/lib/active_support/core_ext/string/output_safety.rb +++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb @@ -76,10 +76,24 @@ end module ActiveSupport #:nodoc: class SafeBuffer < String UNSAFE_STRING_METHODS = ["capitalize", "chomp", "chop", "delete", "downcase", "gsub", "lstrip", "next", "reverse", "rstrip", "slice", "squeeze", "strip", "sub", "succ", "swapcase", "tr", "tr_s", "upcase"].freeze + + # TODO: Should safe_concat check if the current buffer is dirty or not? + # We should probably raise as it would mean we are adding concatenating + # to something that is safe but it actually isn't. alias safe_concat concat + def initialize(*) + @dirty = false + super + end + + def initialize_copy(other) + super + @dirty = other.dirty? + end + def concat(value) - if value.html_safe? + if dirty? || value.html_safe? super(value) else super(ERB::Util.h(value)) @@ -92,11 +106,7 @@ module ActiveSupport #:nodoc: end def html_safe? - true - end - - def html_safe - self + !dirty? end def to_s @@ -113,7 +123,6 @@ module ActiveSupport #:nodoc: def to_yaml(*args) return super() if defined?(YAML::ENGINE) && !YAML::ENGINE.syck? - to_str.to_yaml(*args) end @@ -124,18 +133,21 @@ module ActiveSupport #:nodoc: end def #{unsafe_method}!(*args) - raise TypeError, "Cannot modify SafeBuffer in place" + @dirty = true + super end EOT end + + protected + + def dirty? + @dirty + end end end class String - def html_safe! - raise "You can't call html_safe! on a String" - end - def html_safe ActiveSupport::SafeBuffer.new(self) end |