From d9f3f6de1a00d0b3f8cf34b409d6743db48dd424 Mon Sep 17 00:00:00 2001
From: Domizio Demichelis <dd.nexus@gmail.com>
Date: Sat, 9 Oct 2010 09:44:54 -0400
Subject: [PATCH] xss: fixed fake-field-context tag [#820 state:resolved]

---
 dryml/taglibs/core.dryml | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/dryml/taglibs/core.dryml b/dryml/taglibs/core.dryml
index 496e0a924..eacf501ed 100644
--- a/dryml/taglibs/core.dryml
+++ b/dryml/taglibs/core.dryml
@@ -15,9 +15,9 @@ Using regular DRYML conditional logic it is rather akward to conditionally wrap
 ### Usage
 
 For example, you might want to wrap an `<img>` tag in an `<a>` tag but only under certain conditions. Say the current context has an `href` attribute that may or may not be nil. We want to wrap the img in `<a>` if `href` is not nil:
-  
+
     <wrap when="&this.href.present?" tag="a" href="&this.href"><img src="&this.img_filename"/></wrap>
-{: .dryml}  
+{: .dryml}
 -->
 <def tag="wrap" attrs="tag, when, parameter">
   <% parameter ||= :default %>
@@ -31,7 +31,7 @@ For example, you might want to wrap an `<img>` tag in an `<a>` tag but only unde
 
     <partial name="my-partial" locals="&{:x => 10, :y => 20}"/>
 -->
-<def tag="partial" attrs="name, locals"><%= 
+<def tag="partial" attrs="name, locals"><%=
    locals ||= {}
    render(:partial => name, :locals => locals.merge(:this => this))
 %></def>
@@ -41,9 +41,9 @@ For example, you might want to wrap an `<img>` tag in an `<a>` tag but only unde
 
 ### Attributes
 
- - join: The value of this attribute, if given, will be inserted between each of the items (e.g. `join=", "` is very common).  
+ - join: The value of this attribute, if given, will be inserted between each of the items (e.g. `join=", "` is very common).
 -->
-<def tag="repeat" attrs="join"><if><%= 
+<def tag="repeat" attrs="join"><if><%=
   raise ArgumentError, "Cannot <repeat> on #{this.inspect}" unless this.respond_to? :each
   context_map do
     parameters.default
@@ -63,17 +63,17 @@ For example, you might want to wrap an `<img>` tag in an `<a>` tag but only unde
 
     <if test="&current_user.administrtator?">Logged in as administrator</if>
     <else>Logged in as normal user</else>
-    
-**IMPORTANT NOTE**: `<if>` tests for non-blank vs. blank (as defined by ActiveSuport), not true vs. false. 
+
+**IMPORTANT NOTE**: `<if>` tests for non-blank vs. blank (as defined by ActiveSuport), not true vs. false.
 
 If you do not give the `test` attribute, uses the current context instead. This allows a nice trick like this:
 
     <if:comments>...</if>
-    
+
 This has the double effect of changing the context to the `this.comments`, and only evaluating the body if there are comments (because an empty
-collection is considered blank)  
+collection is considered blank)
 -->
-<def tag="if" attrs="test"><%= 
+<def tag="if" attrs="test"><%=
   test = all_attributes.fetch(:test, this)
   res = (cond = !test.blank?) ? parameters.default : ""
   Dryml.last_if = cond
@@ -88,8 +88,8 @@ collection is considered blank)
 
 
 <!-- Same behaviour as `<if>`, except the test is negated. -->
-<def tag="unless" attrs="test"><%= 
-  test = all_attributes.fetch(:test, this)     
+<def tag="unless" attrs="test"><%=
+  test = all_attributes.fetch(:test, this)
   res = (cond = test.blank?) ? parameters.default : ""
   Dryml.last_if = cond
   res
@@ -100,7 +100,7 @@ collection is considered blank)
 <def tag="fake-field-context" attrs="fake-field, context"><%=
   res = ""
   new_field_context(fake_field, context) { res << parameters.default }
-  res
+  raw res
 %></def>