content_tag_string shouldn't escape_html if escape param is false

rails · Jun 7, 2010 · 399b493 · 399b493
1 parent eebac02
commit 399b493
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -110,7 +110,7 @@ def escape_once(html)
 
         def content_tag_string(name, content, options, escape = true)
           tag_options = tag_options(options, escape) if options
-          "<#{name}#{tag_options}>#{ERB::Util.h(content)}</#{name}>".html_safe
+          "<#{name}#{tag_options}>#{escape ? ERB::Util.h(content) : content}</#{name}>".html_safe
         end
 
         def tag_options(options, escape = true)

diff --git a/actionpack/test/template/tag_helper_test.rb b/actionpack/test/template/tag_helper_test.rb
@@ -39,6 +39,8 @@ def test_content_tag
                  content_tag("a", "Create", :href => "create")
     assert_equal "<p>&lt;script&gt;evil_js&lt;/script&gt;</p>",
                  content_tag(:p, '<script>evil_js</script>')
+    assert_equal "<p><script>evil_js</script></p>",
+                 content_tag(:p, '<script>evil_js</script>', nil, false)
   end
 
   def test_content_tag_with_block_in_erb