From bcab3f20dac0fe993e5d31bf6acef28ec54e658b Mon Sep 17 00:00:00 2001
From: Paul Grayson <paul@pololu.com>
Date: Tue, 10 Jun 2014 17:33:34 -0700
Subject: In tag helper, honor html_safe on array parameters; also make
 safe_join more similar to Array.join by first calling flatten.

---
 actionview/lib/action_view/helpers/output_safety_helper.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'actionview/lib/action_view/helpers/output_safety_helper.rb')

diff --git a/actionview/lib/action_view/helpers/output_safety_helper.rb b/actionview/lib/action_view/helpers/output_safety_helper.rb
index e1f40011c0..b0d9c7c7f9 100644
--- a/actionview/lib/action_view/helpers/output_safety_helper.rb
+++ b/actionview/lib/action_view/helpers/output_safety_helper.rb
@@ -18,9 +18,9 @@ module ActionView #:nodoc:
       end
 
       # This method returns a html safe string similar to what <tt>Array#join</tt>
-      # would return. All items in the array, including the supplied separator, are
-      # html escaped unless they are html safe, and the returned string is marked
-      # as html safe.
+      # would return. The array is flattened, and all items, including
+      # the supplied separator, are html escaped unless they are html
+      # safe, and the returned string is marked as html safe.
       #
       #   safe_join(["<p>foo</p>".html_safe, "<p>bar</p>"], "<br />")
       #   # => "<p>foo</p>&lt;br /&gt;&lt;p&gt;bar&lt;/p&gt;"
@@ -31,7 +31,7 @@ module ActionView #:nodoc:
       def safe_join(array, sep=$,)
         sep = ERB::Util.unwrapped_html_escape(sep)
 
-        array.map { |i| ERB::Util.unwrapped_html_escape(i) }.join(sep).html_safe
+        array.flatten.map! { |i| ERB::Util.unwrapped_html_escape(i) }.join(sep).html_safe
       end
     end
   end
-- 
cgit v1.2.3