From 71b95bd954edd8e8f09293044d49b34b9120279a Mon Sep 17 00:00:00 2001 From: Akira Matsuda Date: Mon, 13 Feb 2012 17:54:58 +0900 Subject: add AS::SafeBuffer#clone_empty --- activesupport/lib/active_support/core_ext/string/output_safety.rb | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'activesupport/lib') diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb index dd780da157..20c2befc57 100644 --- a/activesupport/lib/active_support/core_ext/string/output_safety.rb +++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb @@ -124,6 +124,12 @@ module ActiveSupport #:nodoc: @dirty = other.dirty? end + def clone_empty + new_safe_buffer = self[0, 0] + new_safe_buffer.instance_variable_set(:@dirty, @dirty) + new_safe_buffer + end + def concat(value) if dirty? || value.html_safe? super(value) -- cgit v1.2.3 From 71d8c77e5ac74c2aa20eff6b3d6a8b8ca24114d7 Mon Sep 17 00:00:00 2001 From: Akira Matsuda Date: Mon, 13 Feb 2012 17:58:01 +0900 Subject: delete vulnerable AS::SafeBuffer#[] --- activesupport/lib/active_support/core_ext/string/output_safety.rb | 6 ------ 1 file changed, 6 deletions(-) (limited to 'activesupport/lib') diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb index 20c2befc57..7f158369f4 100644 --- a/activesupport/lib/active_support/core_ext/string/output_safety.rb +++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb @@ -103,12 +103,6 @@ module ActiveSupport #:nodoc: end end - def[](*args) - new_safe_buffer = super - new_safe_buffer.instance_eval { @dirty = false } - new_safe_buffer - end - def safe_concat(value) raise SafeConcatError if dirty? original_concat(value) -- cgit v1.2.3 From 8ccaa34103f1c37f7549f7f6c47a21dba21624db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Wed, 29 Feb 2012 22:30:51 +0100 Subject: Ensure [] respects the status of the buffer. --- .../core_ext/string/output_safety.rb | 30 +++++++++++++--------- 1 file changed, 18 insertions(+), 12 deletions(-) (limited to 'activesupport/lib') diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb index 7f158369f4..728ab087fa 100644 --- a/activesupport/lib/active_support/core_ext/string/output_safety.rb +++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb @@ -103,19 +103,31 @@ module ActiveSupport #:nodoc: end end + def [](*args) + return super if args.size < 2 + + if html_safe? + new_safe_buffer = super + new_safe_buffer.instance_eval { @html_safe = true } + new_safe_buffer + else + to_str[*args] + end + end + def safe_concat(value) - raise SafeConcatError if dirty? + raise SafeConcatError unless html_safe? original_concat(value) end def initialize(*) - @dirty = false + @html_safe = true super end def initialize_copy(other) super - @dirty = other.dirty? + @html_safe = other.html_safe? end def clone_empty @@ -125,7 +137,7 @@ module ActiveSupport #:nodoc: end def concat(value) - if dirty? || value.html_safe? + if !html_safe? || value.html_safe? super(value) else super(ERB::Util.h(value)) @@ -138,7 +150,7 @@ module ActiveSupport #:nodoc: end def html_safe? - !dirty? + defined?(@html_safe) && @html_safe end def to_s @@ -161,18 +173,12 @@ module ActiveSupport #:nodoc: end # end def #{unsafe_method}!(*args) # def capitalize!(*args) - @dirty = true # @dirty = true + @html_safe = false # @html_safe = false super # super end # end EOT end end - - protected - - def dirty? - @dirty - end end end -- cgit v1.2.3