From 608eddc6f5465c642bd02f5523a8e486a87020b1 Mon Sep 17 00:00:00 2001
From: Carlos Antonio da Silva
Date: Thu, 12 Jan 2012 21:04:02 -0200
Subject: Move escape_once logic to ERB::Util, where it belongs to

All the logic is based on the HTML_ESCAPE constant available in ERB::Util, so it seems more logic to have the entire method there and just delegate the helper to use it.
---
 actionpack/lib/action_view/helpers/tag_helper.rb | 2 +-
 actionpack/test/template/erb_util_test.rb | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
(limited to 'actionpack')
diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb
index d7a2651bad..ecd26891d6 100644
--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -118,7 +118,7 @@ module ActionView
 # escape_once("<< Accept & Checkout")
 # # => "<< Accept & Checkout"
 def escape_once(html)
- html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
+ ERB::Util.html_escape_once(html)
 end
 private
diff --git a/actionpack/test/template/erb_util_test.rb b/actionpack/test/template/erb_util_test.rb
index eba2ef64e0..ca2710e9b3 100644
--- a/actionpack/test/template/erb_util_test.rb
+++ b/actionpack/test/template/erb_util_test.rb
@@ -44,4 +44,18 @@ class ErbUtilTest < ActiveSupport::TestCase
 assert_equal chr, html_escape(chr)
 end
 end
+
+ def test_html_escape_once
+ assert_equal '1 < 2 & 3', html_escape_once('1 < 2 & 3')
+ end
+
+ def test_html_escape_once_returns_unsafe_strings_when_passed_unsafe_strings
+ value = html_escape_once('1 < 2 & 3')
+ assert !value.html_safe?
+ end
+
+ def test_html_escape_once_returns_safe_strings_when_passed_safe_strings
+ value = html_escape_once('1 < 2 & 3'.html_safe)
+ assert value.html_safe?
+ end
 end
--
cgit v1.2.3
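Review bot: In `tag_helper.rb`, `escape_once` now takes its output contract from `ERB::Util.html_escape_once`, and the doc comment above the method does not state that contract. The tests added in this commit show the result is html_safe exactly when the argument was, so a string already marked html_safe stays exempt from auto-escaping after passing through the helper, while a plain string comes back unmarked. I would add a line to the comment block such as `# The result is html_safe only if +html+ already was; entity references already present in the input are left unchanged.` The definition of `html_escape_once` is outside this view (limited to 'actionpack'), so it should be confirmed there whether it keeps the removed pattern, which matches `"`, `>`, `<` and a bare `&` but not `'`; if it does, the output is not suitable for single-quoted attribute values. The enclosing module starts and ends outside the hunk.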
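Review bot: The three tests added to `erb_util_test.rb` all use the same input, so they exercise only `<` and `&` and never the boundary that distinguishes escape-once from plain escaping. Nothing covers `"` and `>`, an ampersand that already begins a named or numeric reference, or a non-String argument, all of which the removed `gsub` in `tag_helper.rb` handled through `to_s` and its negative lookahead. Assuming the relocated method keeps that pattern, cases such as `assert_equal '&quot;&gt;', html_escape_once('">')` and `assert_equal '&#60; &amp;', html_escape_once('&#60; &amp;')` would pin it; a hexadecimal reference like `&#x3c;` does not match `#\d+`, so a test should record what is intended for it. The string literals in this hunk appear to have been entity-decoded by the page, so the expected values should be checked against the repository.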