From 9fb21e98e2a3c8c19dce8a2c4bb8a850af65a054 Mon Sep 17 00:00:00 2001
From: Vasiliy Ermolovich <younash@gmail.com>
Date: Wed, 16 May 2012 21:04:31 +0300
Subject: fix safe string interpolation with SafeBuffer#%, closes #6352

---
 .../lib/active_support/core_ext/string/output_safety.rb    | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'activesupport/lib/active_support/core_ext')

diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb
index 6bda970e40..f98d5b3777 100644
--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -150,6 +150,20 @@ module ActiveSupport #:nodoc:
       dup.concat(other)
     end
 
+    def %(args)
+      args = Array(args)
+
+      args.map! do |arg|
+        if !html_safe? || arg.html_safe?
+          arg
+        else
+          ERB::Util.h(arg)
+        end
+      end
+
+      self.class.new(super(args))
+    end
+
     def html_safe?
       defined?(@html_safe) && @html_safe
     end
-- 
cgit v1.2.3