From bb9c58eb4aa637fa75c69c705a9918d6322ff834 Mon Sep 17 00:00:00 2001
From: Jeff Kreeftmeijer
Date: Mon, 11 Oct 2010 20:39:12 +0200
Subject: Make sure capture's output gets html_escaped [#5545 state:resolved]
Also remove a duplicate test_link_to_unless assertion and add .html_safe to the remaining one.
Signed-off-by: Santiago Pastorino
---
 actionpack/lib/action_view/helpers/capture_helper.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'actionpack/lib/action_view/helpers/capture_helper.rb')
diff --git a/actionpack/lib/action_view/helpers/capture_helper.rb b/actionpack/lib/action_view/helpers/capture_helper.rb
index 0401e6a09b..2c805c8ecf 100644
--- a/actionpack/lib/action_view/helpers/capture_helper.rb
+++ b/actionpack/lib/action_view/helpers/capture_helper.rb
@@ -1,4 +1,5 @@
 require 'active_support/core_ext/object/blank'
+require 'active_support/core_ext/string/output_safety'
 module ActionView
 # = Action View Capture Helper
@@ -38,7 +39,7 @@ module ActionView
 value = nil
 buffer = with_output_buffer { value = yield(*args) }
 if string = buffer.presence || value and string.is_a?(String)
- string
+ html_escape string
 end
 end
-- cgit v1.2.3
From 72d12d94559f7c124fa2ec88eb668ad2948c02f4 Mon Sep 17 00:00:00 2001
From: Santiago Pastorino
Date: Tue, 2 Nov 2010 20:02:13 -0200
Subject: Call as ERB::Util.html_escape since is not the module is not included here
---
 actionpack/lib/action_view/helpers/capture_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'actionpack/lib/action_view/helpers/capture_helper.rb')
diff --git a/actionpack/lib/action_view/helpers/capture_helper.rb b/actionpack/lib/action_view/helpers/capture_helper.rb
index 2c805c8ecf..c88bd1efd5 100644
--- a/actionpack/lib/action_view/helpers/capture_helper.rb
+++ b/actionpack/lib/action_view/helpers/capture_helper.rb
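Review bot: The `capture` documentation should state the escaping contract introduced by the `html_escape string` line in the first commit's `@@ -38,7 +39,7 @@` hunk: a block that writes nothing to the buffer and returns a plain String now has that return value escaped, so helpers that build markup by hand must mark it `.html_safe` themselves. I would add above the method something like `# The captured result is HTML-escaped unless it is already marked html_safe.` This assumes the `html_escape` loaded by the new `output_safety` require leaves html_safe strings untouched, which the diff does not show. The method's `def` line and doc comment are outside the hunk, and the test changes mentioned in the commit message are not part of this file-limited view, so neither could be checked here.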
@@ -39,7 +39,7 @@ module ActionView
 value = nil
 buffer = with_output_buffer { value = yield(*args) }
 if string = buffer.presence || value and string.is_a?(String)
- html_escape string
+ ERB::Util.html_escape string
 end
 end
-- cgit v1.2.3
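Review bot: The condition guarding the new `ERB::Util.html_escape string` call is hard to audit, because `if string = buffer.presence || value and string.is_a?(String)` mixes an assignment with the low-precedence `and`, and this is the line that decides which values reach the escaper. Splitting it keeps the same behaviour and makes the escaping path explicit: `string = buffer.presence || value` followed by `ERB::Util.html_escape(string) if string.is_a?(String)`. Non-String block results still skip the branch, so the method appears to return nil for them; a one-line comment saying that this is intentional would help the next reader. The same condition is the context of the first commit's hunk, and the enclosing method begins above both hunks.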