DisplayHelper should not sanitize its input

activeadmin · Dec 28, 2017 · 6a2f8f3 · 6a2f8f3
1 parent ac4768e
commit 6a2f8f3
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 11 deletions.
diff --git a/lib/active_admin/view_helpers/display_helper.rb b/lib/active_admin/view_helpers/display_helper.rb
@@ -66,7 +66,7 @@ def find_value(resource, attr)
       def pretty_format(object)
         case object
         when String, Numeric, Symbol, Arbre::Element
-          sanitize(object.to_s)
+          object.to_s
         when Date, Time
           I18n.localize object, format: active_admin_application.localize_format
         else

diff --git a/spec/unit/pretty_format_spec.rb b/spec/unit/pretty_format_spec.rb
@@ -8,20 +8,12 @@ def method_missing(*args, &block)
     mock_action_view.send *args, &block
   end
 
-  ['hello', 23, 5.67, 10**30, :foo].each do |obj|
+  ['hello', 23, 5.67, 10**30, :foo, Arbre::Element.new.br].each do |obj|
     it "should call `to_s` on #{obj.class}s" do
       expect(pretty_format(obj)).to eq obj.to_s
     end
   end
 
-  it "normalizes Arbre elements" do
-    expect(pretty_format(Arbre::Element.new.br)).to eq("<br>\n")
-  end
-
-  it "sanitizes Arbre elements" do
-    expect(pretty_format(Arbre::Element.new.script('alert("foo");'))).to eq("alert(&amp;quot;foo&amp;quot;);\n")
-  end
-
   shared_examples_for 'a time-ish object' do |t|
     it "formats it with the default long format" do
       expect(pretty_format(t)).to eq "February 28, 1985 20:15"

diff --git a/spec/unit/view_helpers/display_helper_spec.rb b/spec/unit/view_helpers/display_helper_spec.rb
@@ -10,7 +10,6 @@
   include ActiveAdmin::ViewHelpers::DisplayHelper
   include MethodOrProcHelper
   include ActionView::Helpers::UrlHelper
-  include ActionView::Helpers::SanitizeHelper
   include ActionView::Helpers::TranslationHelper
   include ActionView::Helpers::SanitizeHelper