From 1300c034775a5d52ad9141fdf5bbdbb9159df96a Mon Sep 17 00:00:00 2001
From: Michael Koziarski <michael@koziarski.com>
Date: Wed, 8 Jun 2011 09:31:03 +1200
Subject: Ensure that the strings returned by SafeBuffer#gsub and friends
 aren't considered html_safe?

Also make sure that the versions of those methods which modify a string in place such as gsub! can't be called on safe buffers at all.

Conflicts:

	activesupport/test/safe_buffer_test.rb
---
 .../lib/active_support/core_ext/string/output_safety.rb     | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'activesupport/lib/active_support/core_ext/string')

diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb
index c27cbc37c5..6df987eb14 100644
--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -74,6 +74,7 @@ end
 
 module ActiveSupport #:nodoc:
   class SafeBuffer < String
+    UNSAFE_STRING_METHODS = ["capitalize", "chomp", "chop", "delete", "downcase", "gsub", "lstrip", "next", "reverse", "rstrip", "slice", "squeeze", "strip", "sub", "succ", "swapcase", "tr", "tr_s", "upcase"].freeze
     alias safe_concat concat
 
     def concat(value)
@@ -110,6 +111,18 @@ module ActiveSupport #:nodoc:
 
       to_str.to_yaml(*args)
     end
+
+    for unsafe_method in UNSAFE_STRING_METHODS
+      class_eval <<-EOT, __FILE__, __LINE__
+        def #{unsafe_method}(*args)
+          super.to_str
+        end
+
+        def #{unsafe_method}!(*args)
+          raise TypeError, "Cannot modify SafeBuffer in place"
+        end
+      EOT
+    end
   end
 end
 
-- 
cgit v1.2.3