From 085db5e128ad4ad8fd042776722c78e194c6d0a4 Mon Sep 17 00:00:00 2001
From: Chris Mear <chris@feedmechocolate.com>
Date: Thu, 19 Feb 2009 14:16:10 +0000
Subject: Make text_area_tag escape contents by default.

Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#2015 state:committed]
---
 actionpack/lib/action_view/helpers/form_tag_helper.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'actionpack/lib')

diff --git a/actionpack/lib/action_view/helpers/form_tag_helper.rb b/actionpack/lib/action_view/helpers/form_tag_helper.rb
index 8ab78e7bc6..ca6ba501e2 100644
--- a/actionpack/lib/action_view/helpers/form_tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_tag_helper.rb
@@ -231,6 +231,8 @@ module ActionView
       # * <tt>:rows</tt> - Specify the number of rows in the textarea
       # * <tt>:cols</tt> - Specify the number of columns in the textarea
       # * <tt>:disabled</tt> - If set to true, the user will not be able to use this input.
+      # * <tt>:escape</tt> - By default, the contents of the text input are HTML escaped.
+      #   If you need unescaped contents, set this to false.
       # * Any other key creates standard HTML attributes for the tag.
       #
       # ==== Examples
@@ -258,6 +260,9 @@ module ActionView
           options["cols"], options["rows"] = size.split("x") if size.respond_to?(:split)
         end
 
+        escape = options.key?("escape") ? options.delete("escape") : true
+        content = html_escape(content) if escape
+
         content_tag :textarea, content, { "name" => name, "id" => sanitize_to_id(name) }.update(options.stringify_keys)
       end
 
-- 
cgit v1.2.3