
untaint value in TagHelper#escape, so that it works with form_for() helper (by Gerrit Kaiser)

git-svn-id: svn://rubyforge.org/var/svn/safe-erb/plugins/safe_erb@5 ae60d643-a0c1-4d14-af8c-9187da1253ed
1 parent 80be62a commit ac5750caa62fd27245e3781458e5b7a0f6fb02e9 shinya committed Feb 6, 2008
Showing with 29 additions and 0 deletions.
  1. +1 −0 lib/safe_erb.rb
  2. +11 −0 lib/safe_erb/tag_helper.rb
  3. +17 −0 test/tag_helper_test.rb
@@ -1,6 +1,7 @@
# SafeERB
require 'safe_erb/common'
+require 'safe_erb/tag_helper'
if Rails::VERSION::MAJOR >= 2
require 'safe_erb/rails_2'
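--- a/lib/safe_erb/tag_helper.rb
+++ b/lib/safe_erb/tag_helper.rb
@@ -0,0 +1,11 @@
+module ActionView
+ module Helpers
+ module TagHelper
+ def escape_once_with_untaint(html)
+ escape_once_without_untaint(html).untaint
+ end
+
+ alias_method_chain :escape_once, :untaint
+ end
+ end
+end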
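Review bot: `escape_once_with_untaint` clears the taint flag for every downstream use, but the string it returns is only HTML-escaped — assuming `escape_once` matches Rails' usual set (`&`, `<`, `>`, `"`, with existing `&…;` entities left alone), it is still unsafe inside a single-quoted attribute, an inline `<script>` block or a URL, and after this change the plugin will no longer raise when such a value lands there. That is the same trade-off `h()` already makes, so it is acceptable, but the widened trust boundary should be stated at the definition, e.g. `# escape_once only HTML-escapes; like h(), its result is then trusted in any output context`. Note also that `alias_method_chain :escape_once, :untaint` runs at require time, so if this file is loaded before ActionView has defined `escape_once` the call raises instead of patching — `lib/safe_erb.rb` now requires it unconditionally, so that load ordering is worth confirming against both Rails 1.x and 2.x.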
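--- a/test/tag_helper_test.rb
+++ b/test/tag_helper_test.rb
@@ -0,0 +1,17 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../../../config/environment')
+require 'test_help'
+
+class TagHelperTest < Test::Unit::TestCase
+ include ActionView::Helpers::TagHelper
+
+ def test_inclusion_in_taghelper
+ assert self.respond_to?(:escape_once_with_untaint)
+ assert self.respond_to?(:escape_once_without_untaint)
+ end
+
+ def test_taghelper_untaints
+ evil_str = "evil knievel".taint
+ assert !escape_once(evil_str).tainted?
+ assert escape_once_without_untaint(evil_str).tainted?
+ end
+end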
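Review bot: `test_taghelper_untaints` uses `"evil knievel"`, a string with no HTML metacharacters, so it proves the taint flag is cleared but not that escaping still happens on the untainted result — a regression that returned the input unchanged and untainted would pass. Add a case with a real payload, e.g. `assert_equal '&lt;script&gt;', escape_once('<script>'.taint)` next to `assert !escape_once('<script>'.taint).tainted?`, so the test pins both halves of the contract. The last assertion, `escape_once_without_untaint(evil_str).tainted?`, relies on `gsub` propagating taint from its receiver, which appears to hold on the Ruby versions this plugin targets but is the assumption the whole plugin rests on, so a one-line comment saying so would help the next reader.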
