From 8a998b0fa7523c2c8eb6d0cf56e40408bf6e9b2e Mon Sep 17 00:00:00 2001 From: Santiago Pastorino Date: Tue, 5 Jan 2016 16:48:09 -0300 Subject: Add Html template handler that wraps Raw output in an OutputBuffer This fixes the case when you try to render an html you know safe and the file is named something.html. With this commit the content of the html won't be escaped anymore because AV won't use Raw handler and choose Html handler instead. --- actionview/lib/action_view/template/handlers.rb | 4 +++- actionview/lib/action_view/template/handlers/html.rb | 9 +++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 actionview/lib/action_view/template/handlers/html.rb (limited to 'actionview/lib') diff --git a/actionview/lib/action_view/template/handlers.rb b/actionview/lib/action_view/template/handlers.rb index 0105e88a49..ad4c353608 100644 --- a/actionview/lib/action_view/template/handlers.rb +++ b/actionview/lib/action_view/template/handlers.rb @@ -2,13 +2,15 @@ module ActionView #:nodoc: # = Action View Template Handlers class Template module Handlers #:nodoc: + autoload :Raw, 'action_view/template/handlers/raw' autoload :ERB, 'action_view/template/handlers/erb' + autoload :Html, 'action_view/template/handlers/html' autoload :Builder, 'action_view/template/handlers/builder' - autoload :Raw, 'action_view/template/handlers/raw' def self.extended(base) base.register_default_template_handler :raw, Raw.new base.register_template_handler :erb, ERB.new + base.register_template_handler :html, Html.new base.register_template_handler :builder, Builder.new base.register_template_handler :ruby, :source.to_proc end diff --git a/actionview/lib/action_view/template/handlers/html.rb b/actionview/lib/action_view/template/handlers/html.rb new file mode 100644 index 0000000000..ccaa8d1469 --- /dev/null +++ b/actionview/lib/action_view/template/handlers/html.rb @@ -0,0 +1,9 @@ +module ActionView + module Template::Handlers + class Html < Raw + def call(template) + "ActionView::OutputBuffer.new #{super}" + end + end + end +end -- cgit v1.2.3