Do not call #to_html in print_object for now because e.g. REXML::Text…

… does not handle XSS protection as expected
ChristianPeters · Jul 24, 2011 · 1beab58 · 1beab58
1 parent df33fe9
commit 1beab58
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 4 deletions.
diff --git a/lib/active_component.rb b/lib/active_component.rb
@@ -142,9 +142,7 @@ def print_object(object, method = nil)
     #logger = RAILS_DEFAULT_LOGGER
     #logger.info "\"print_object speaking. I am about to print Object: " + object.inspect + " Method: " + method.inspect + ". Over.\""
     unless method.present?
-      if object.respond_to? :to_html
-        object.to_html
-      elsif object.respond_to? :call
+      if object.respond_to? :call
         begin
           object.call.to_s
         # Haml buffers may be provided in callable form, but have to be captured

diff --git a/spec/active_component_spec.rb b/spec/active_component_spec.rb
@@ -114,7 +114,8 @@
     it "should render components" do
       renderable = mock :component
       html = "<div>\n Component content\n</div"
-      renderable.should_receive(:to_html).at_least(:once).and_return(html)
+      renderable.should_receive(:to_html).any_number_of_times.and_return(html)
+      renderable.should_receive(:to_s).any_number_of_times.and_return(html)
       @comp.print_object(renderable).should == html
     end