From b4976ce91ba003942acd3f285c6b4fb308657a69 Mon Sep 17 00:00:00 2001
From: Santiago Pastorino
Date: Fri, 11 Jun 2010 04:37:10 -0300
Subject: text_helper now escape the unsafe input instead of sanitizing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: José Valim
---
actionpack/lib/action_view/helpers/text_helper.rb | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'actionpack/lib')
diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb
index a06073ce66..700c0b9e3b 100644
--- a/actionpack/lib/action_view/helpers/text_helper.rb
+++ b/actionpack/lib/action_view/helpers/text_helper.rb
@@ -74,7 +74,7 @@ module ActionView
options.reverse_merge!(:length => 30)
- text = sanitize(text) unless text.html_safe? || options[:safe]
+ text = h(text) unless text.html_safe? || options[:safe]
text.truncate(options.delete(:length), options) if text
end
@@ -106,7 +106,7 @@ module ActionView
end
options.reverse_merge!(:highlighter => '\1')
- text = sanitize(text) unless text.html_safe? || options[:safe]
+ text = h(text) unless text.html_safe? || options[:safe]
if text.blank? || phrases.blank?
text
else
@@ -244,7 +244,7 @@ module ActionView
def simple_format(text, html_options={}, options={})
text = '' if text.nil?
start_tag = tag('p', html_options, true)
- text = sanitize(text) unless text.html_safe? || options[:safe]
+ text = h(text) unless text.html_safe? || options[:safe]
text.gsub!(/\r\n?/, "\n") # \r\n and \r -> \n
text.gsub!(/\n\n+/, "
\n\n#{start_tag}") # 2+ newline -> paragraph
text.gsub!(/([^\n]\n)(?=[^\n])/, '\1
') # 1 newline -> br
@@ -503,7 +503,7 @@ module ActionView
text.html_safe
else
display_text = (block_given?) ? yield(text) : text
- display_text = sanitize(display_text) unless options[:safe]
+ display_text = h(display_text) unless options[:safe]
mail_to text, display_text, html_options
end
end
--
cgit v1.2.3