From 330327eeecd3666a7b9b407e804b36cb1bc3cb48 Mon Sep 17 00:00:00 2001 From: Santiago Pastorino Date: Mon, 18 Oct 2010 13:58:57 -0200 Subject: Call html_escape in ERB::Util module and don't mix it in in the helpers --- actionpack/lib/action_view/helpers/form_helper.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'actionpack/lib/action_view/helpers/form_helper.rb') diff --git a/actionpack/lib/action_view/helpers/form_helper.rb b/actionpack/lib/action_view/helpers/form_helper.rb index b34a74788e..d6e175c7e8 100644 --- a/actionpack/lib/action_view/helpers/form_helper.rb +++ b/actionpack/lib/action_view/helpers/form_helper.rb @@ -5,6 +5,7 @@ require 'action_view/helpers/form_tag_helper' require 'active_support/core_ext/class/inheritable_attributes' require 'active_support/core_ext/hash/slice' require 'active_support/core_ext/object/blank' +require 'active_support/core_ext/string/output_safety' module ActionView # = Action View Form Helpers @@ -907,7 +908,7 @@ module ActionView end options["type"] ||= field_type options["value"] = options.fetch("value"){ value_before_type_cast(object) } unless field_type == "file" - options["value"] &&= html_escape(options["value"]) + options["value"] &&= ERB::Util.html_escape(options["value"]) add_default_name_and_id(options) tag("input", options) end @@ -943,7 +944,7 @@ module ActionView options["cols"], options["rows"] = size.split("x") if size.respond_to?(:split) end - content_tag("textarea", html_escape(options.delete('value') || value_before_type_cast(object)), options) + content_tag("textarea", ERB::Util.html_escape(options.delete('value') || value_before_type_cast(object)), options) end def to_check_box_tag(options = {}, checked_value = "1", unchecked_value = "0") -- cgit v1.2.3