From a571a63529bd2a4900f92740e85f7b7f0e320b77 Mon Sep 17 00:00:00 2001
From: Roger Campos
Date: Fri, 8 Mar 2013 13:31:13 +0100
Subject: [PATCH] Fix: Don't escape & character when sanitizing false
---
 lib/assets/javascripts/best_in_place.js | 4 ++--
 spec/integration/js_spec.rb | 21 +++++++++++++++++----
 test_app/db/schema.rb | 2 +-
 3 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/lib/assets/javascripts/best_in_place.js b/lib/assets/javascripts/best_in_place.js
index f3f06d26..0f5577f1 100644
--- a/lib/assets/javascripts/best_in_place.js
+++ b/lib/assets/javascripts/best_in_place.js
@@ -42,7 +42,7 @@ BestInPlaceEditor.prototype = {
 if (this.sanitize) {
 to_display = this.element.text();
 } else {
- to_display = this.element.html();
+ to_display = this.element.html().replace('&', '&');
 }
 }
@@ -209,7 +209,7 @@ BestInPlaceEditor.prototype = {
 // Trim and Strips HTML from text
 sanitizeValue : function(s) {
- return jQuery.trim(s);
+ return jQuery.trim(s);
 },
 /* Generate the data sent in the POST request */
diff --git a/spec/integration/js_spec.rb b/spec/integration/js_spec.rb
index fd79a407..92dcbc9f 100644
--- a/spec/integration/js_spec.rb
+++ b/spec/integration/js_spec.rb
@@ -792,8 +792,6 @@
 end
 describe "display_with using a lambda" do
-
-
 it "should render the money" do
 @user.save!
 visit user_path(@user)
@@ -803,8 +801,6 @@
 end
 end
-
-
 it "should show the new value using the helper after a successful update" do
 @user.save!
 visit user_path(@user)
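Review bot: In the `@@ -42,7 +42,7 @@` hunk of best_in_place.js, `.replace()` is called with a string pattern, which replaces only the first match, so a value with two or more ampersands would still show the later ones escaped in the edit field. A global regex covers every occurrence: `to_display = this.element.html().replace(/&amp;/g, '&');` (the page shows both arguments as `'&'`, presumably an entity-decoded `'&amp;'`). The new spec in the `@@ -887,6 +883,23 @@` hunk of js_spec.rb uses a fixture with a single `&`, so it passes either way; a second ampersand in the description would pin the behaviour. Since this branch round-trips raw markup from `.html()`, a short comment such as `// sanitize == false: value is unsanitized HTML; only &amp; is decoded for editing` would help the next reader. The enclosing function starts and ends outside the hunk.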
@@ -887,6 +883,23 @@
 end
 end
+ it "should show the input with not-scaped ampersands with sanitize => false" do
+ @user.description = "A text with an & and a Raw html"
+ @user.save!
+
+ retry_on_timeout do
+ visit double_init_user_path(@user)
+
+ id = BestInPlace::Utils.build_best_in_place_id @user, :description
+ page.execute_script <<-JS
+ $("##{id}").click();
+ JS
+
+ text = page.find("##{id} textarea").value
+ text.should == "A text with an & and a Raw html"
+ end
+ end
+
 it "should keep the same value after multipe edits" do
 @user.save!
diff --git a/test_app/db/schema.rb b/test_app/db/schema.rb
index 241fbddc..148e94a5 100644
--- a/test_app/db/schema.rb
+++ b/test_app/db/schema.rb
@@ -32,9 +32,9 @@
 t.text "favorite_books"
 t.datetime "birth_date"
 t.float "money"
- t.string "favorite_movie"
 t.float "money_proc"
 t.string "height"
+ t.string "favorite_movie"
 t.string "favorite_locale"
 end