From 5f189f41258b83d49012ec5a0678d827327e7543 Mon Sep 17 00:00:00 2001 From: Joost Baaij Date: Fri, 16 Nov 2012 09:11:43 +0100 Subject: Introduce `ActionView::Template::Handlers::ERB.escape_whitelist`. This is a list of mime types where template text is not html escaped by default. It prevents `Jack & Joe` from rendering as `Jack & Joe` for the whitelisted mime types. The default whitelist contains text/plain. This follows a whitelist approach where plain text templates are not escaped, and all the others (json, xml) are. The mime type is assumed to be set by the abstract controller. --- actionpack/test/template/template_test.rb | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'actionpack/test/template') diff --git a/actionpack/test/template/template_test.rb b/actionpack/test/template/template_test.rb index ffee3f81ba..6c11ee5322 100644 --- a/actionpack/test/template/template_test.rb +++ b/actionpack/test/template/template_test.rb @@ -26,6 +26,10 @@ class TestERBTemplate < ActiveSupport::TestCase "Hello" end + def apostrophe + "l'apostrophe" + end + def partial ActionView::Template.new( "<%= @virtual_path %>", @@ -48,7 +52,7 @@ class TestERBTemplate < ActiveSupport::TestCase end end - def new_template(body = "<%= hello %>", details = {}) + def new_template(body = "<%= hello %>", details = {format: html}) ActionView::Template.new(body, "hello template", details.fetch(:handler) { ERBHandler }, {:virtual_path => "hello"}.merge!(details)) end @@ -72,6 +76,16 @@ class TestERBTemplate < ActiveSupport::TestCase assert_equal "Hello", render end + def test_basic_template_does_html_escape + @template = new_template("<%= apostrophe %>") + assert_equal "l'apostrophe", render + end + + def test_text_template_does_not_html_escape + @template = new_template("<%= apostrophe %>", format: text) + assert_equal "l'apostrophe", render + end + def test_raw_template @template = new_template("<%= hello %>", :handler => ActionView::Template::Handlers::Raw.new) assert_equal "<%= hello %>", render -- cgit v1.2.3