From f86421fb282ff2d209914db736ca64380dab044d Mon Sep 17 00:00:00 2001 From: Bruno Michel Date: Sat, 13 Feb 2010 19:53:26 -0200 Subject: content_tag should escape its input Signed-off-by: Yehuda Katz --- actionpack/lib/action_view/helpers/javascript_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_view/helpers/javascript_helper.rb') diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb index 8fdaa8cf8d..2c73ff88f7 100644 --- a/actionpack/lib/action_view/helpers/javascript_helper.rb +++ b/actionpack/lib/action_view/helpers/javascript_helper.rb @@ -93,7 +93,7 @@ module ActionView end def javascript_cdata_section(content) #:nodoc: - "\n//#{cdata_section("\n#{content}\n//")}\n" + "\n//#{cdata_section("\n#{content}\n//")}\n".html_safe end end end -- cgit v1.2.3 From 4464b8e87bedd69816d4658c9386cc360affb62e Mon Sep 17 00:00:00 2001 From: Carlhuda Date: Tue, 9 Mar 2010 18:00:28 -0800 Subject: Deprecate block_called_from_erb? pending a solution for getting it into apps --- actionpack/lib/action_view/helpers/javascript_helper.rb | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'actionpack/lib/action_view/helpers/javascript_helper.rb') diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb index 2c73ff88f7..8dab3094dd 100644 --- a/actionpack/lib/action_view/helpers/javascript_helper.rb +++ b/actionpack/lib/action_view/helpers/javascript_helper.rb @@ -83,13 +83,7 @@ module ActionView content_or_options_with_block end - tag = content_tag(:script, javascript_cdata_section(content), html_options.merge(:type => Mime::JS)) - - if block_called_from_erb?(block) - safe_concat(tag) - else - tag - end + content_tag(:script, javascript_cdata_section(content), html_options.merge(:type => Mime::JS)) end def javascript_cdata_section(content) #:nodoc: -- cgit v1.2.3