From 2c423b3f3f0d489b0e9943b69f5b25d97006ca74 Mon Sep 17 00:00:00 2001 From: Andrew Mutz Date: Wed, 16 May 2012 13:22:52 -0700 Subject: reverting decoupling of NumberHelper from safe_join and adding tests for escaping of delimiters and separators --- actionpack/lib/action_view/helpers/number_helper.rb | 2 +- actionpack/test/template/number_helper_test.rb | 2 ++ activesupport/lib/active_support/testing/performance.rb | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/actionpack/lib/action_view/helpers/number_helper.rb b/actionpack/lib/action_view/helpers/number_helper.rb index 62455b97f9..dfc26acfad 100644 --- a/actionpack/lib/action_view/helpers/number_helper.rb +++ b/actionpack/lib/action_view/helpers/number_helper.rb @@ -254,7 +254,7 @@ module ActionView parts = number.to_s.to_str.split('.') parts[0].gsub!(/(\d)(?=(\d\d\d)+(?!\d))/, "\\1#{options[:delimiter]}") - parts.join(options[:separator]).html_safe + safe_join(parts, options[:separator]) end # Formats a +number+ with the specified level of diff --git a/actionpack/test/template/number_helper_test.rb b/actionpack/test/template/number_helper_test.rb index 5c6f23d70b..14ca6d9879 100644 --- a/actionpack/test/template/number_helper_test.rb +++ b/actionpack/test/template/number_helper_test.rb @@ -78,6 +78,8 @@ class NumberHelperTest < ActionView::TestCase assert_equal '12,345,678-05', number_with_delimiter(12345678.05, :separator => '-') assert_equal '12.345.678,05', number_with_delimiter(12345678.05, :separator => ',', :delimiter => '.') assert_equal '12.345.678,05', number_with_delimiter(12345678.05, :delimiter => '.', :separator => ',') + assert_equal '1<script></script>01', number_with_delimiter(1.01, :separator => "") + assert_equal '1<script></script>000', number_with_delimiter(1000, :delimiter => "") end def test_number_with_precision diff --git a/activesupport/lib/active_support/testing/performance.rb b/activesupport/lib/active_support/testing/performance.rb index ec6986654e..2bea0f991a 100644 --- a/activesupport/lib/active_support/testing/performance.rb +++ b/activesupport/lib/active_support/testing/performance.rb @@ -196,6 +196,7 @@ module ActiveSupport class Base include ActionView::Helpers::NumberHelper + include ActionView::Helpers::OutputSafetyHelper attr_reader :total -- cgit v1.2.3