Permalink
Browse files

Fixed false fragment labels on date/time inputs producing unsafe HTML.

Also beefed up related coverage and uncommented a valid spec.

fixes #647
  • Loading branch information...
1 parent 5fb1d2c commit f1d0ab3772eb7dbf0fb1c23ffe10ee3220f2e345 @justinfrench committed Aug 14, 2011
@@ -147,7 +147,7 @@ def fragment_name(fragment)
def fragment_label_html(fragment)
text = fragment_label(fragment)
- text.blank? ? "" : template.content_tag(:label, text, :for => fragment_id(fragment))
+ text.blank? ? "".html_safe : template.content_tag(:label, text, :for => fragment_id(fragment))
end
def value
@@ -95,6 +95,26 @@
output_buffer.should have_tag('form li.date fieldset ol li label', /#{f}/i) unless field == f
end
end
+
+ it "should not display the label for the #{field} field when :labels[:#{field}] is false" do
+ output_buffer.replace ''
+ concat(semantic_form_for(@new_post) do |builder|
+ concat(builder.input(:created_at, :as => :date, :labels => { field => false }))
+ end)
+ output_buffer.should have_tag('form li.date fieldset ol li label', :count => fields.length-1)
+ fields.each do |f|
+ output_buffer.should have_tag('form li.date fieldset ol li label', /#{f}/i) unless field == f
+ end
+ end
+
+ it "should not render unsafe HTML when :labels[:#{field}] is false" do
+ output_buffer.replace ''
+ concat(semantic_form_for(@new_post) do |builder|
+ concat(builder.input(:created_at, :as => :time, :include_seconds => true, :labels => { field => false }))
+ end)
+ output_buffer.should_not include(">")
+ end
+
end
end
@@ -89,17 +89,36 @@
output_buffer.should have_tag('form li.datetime fieldset ol li label', f == field ? /another #{f} label/i : /#{f}/i)
end
end
-
- #it "should not display the label for the #{field} field when :labels[:#{field}] is blank" do
- # output_buffer.replace ''
- # concat(semantic_form_for(@new_post) do |builder|
- # concat(builder.input(:created_at, :as => :datetime, :labels => { field => "" }))
- # end)
- # output_buffer.should have_tag('form li.datetime fieldset ol li label', :count => fields.length-1)
- # fields.each do |f|
- # output_buffer.should have_tag('form li.datetime fieldset ol li label', /#{f}/i) unless field == f
- # end
- #end
+
+ it "should not display the label for the #{field} field when :labels[:#{field}] is blank" do
+ output_buffer.replace ''
+ concat(semantic_form_for(@new_post) do |builder|
+ concat(builder.input(:created_at, :as => :datetime, :labels => { field => "" }))
+ end)
+ output_buffer.should have_tag('form li.datetime fieldset ol li label', :count => fields.length-1)
+ fields.each do |f|
+ output_buffer.should have_tag('form li.datetime fieldset ol li label', /#{f}/i) unless field == f
+ end
+ end
+
+ it "should not display the label for the #{field} field when :labels[:#{field}] is false" do
+ output_buffer.replace ''
+ concat(semantic_form_for(@new_post) do |builder|
+ concat(builder.input(:created_at, :as => :datetime, :labels => { field => false }))
+ end)
+ output_buffer.should have_tag('form li.datetime fieldset ol li label', :count => fields.length-1)
+ fields.each do |f|
+ output_buffer.should have_tag('form li.datetime fieldset ol li label', /#{f}/i) unless field == f
+ end
+ end
+
+ it "should not render unsafe HTML when :labels[:#{field}] is false" do
+ output_buffer.replace ''
+ concat(semantic_form_for(@new_post) do |builder|
+ concat(builder.input(:created_at, :as => :time, :include_seconds => true, :labels => { field => false }))
+ end)
+ output_buffer.should_not include(">")
+ end
end
end
@@ -126,6 +126,26 @@
output_buffer.should have_tag('form li.time fieldset ol li label', /#{f}/i) unless field == f
end
end
+
+ it "should not render the label when :labels[:#{field}] is false" do
+ output_buffer.replace ''
+ concat(semantic_form_for(@new_post) do |builder|
+ concat(builder.input(:created_at, :as => :time, :include_seconds => true, :labels => { field => false }))
+ end)
+ output_buffer.should have_tag('form li.time fieldset ol li label', :count => fields.length-1)
+ fields.each do |f|
+ output_buffer.should have_tag('form li.time fieldset ol li label', /#{f}/i) unless field == f
+ end
+ end
+
+ it "should not render unsafe HTML when :labels[:#{field}] is false" do
+ output_buffer.replace ''
+ concat(semantic_form_for(@new_post) do |builder|
+ concat(builder.input(:created_at, :as => :time, :include_seconds => true, :labels => { field => false }))
+ end)
+ output_buffer.should_not include(">")
+ end
+
end
end

0 comments on commit f1d0ab3

Please sign in to comment.