FormOptionsHelper#grouped_options_for_select return a html_safe strin…
…g (and test to check that)
marklazz committed Dec 13, 2010
1 parent 1f40039 commit 4fee0a2
Showing 2 changed files with 53 additions and 0 deletions.
13 changes: 13 additions & 0 deletions lib/rails_xss/action_view.rb
@@ -65,6 +65,19 @@ def link_to(*args, &block)
end
end
end

module FormOptionsHelper

def option_groups_from_collection_for_select_with_escaping(collection, group_method, group_label_method, option_key_method, option_value_method, selected_key = nil)
option_groups_from_collection_for_select_without_escaping(collection, group_method, group_label_method, option_key_method, option_value_method, selected_key).html_safe
end
alias_method_chain :option_groups_from_collection_for_select, :escaping

def grouped_options_for_select_with_escaping(grouped_options, selected_key = nil, prompt = nil)
grouped_options_for_select_without_escaping(grouped_options, selected_key, prompt).html_safe
end
alias_method_chain :grouped_options_for_select, :escaping
end
end
end
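Review bot: Both `_with_escaping` wrappers only call `.html_safe` on the wrapped helper's return value and escape nothing themselves, so the result is safe only if the `_without_escaping` implementations already escape every group label, option key, option text and prompt. That dependency is not stated anywhere in the hunk, and the method suffix suggests the opposite. I would add a comment above `module FormOptionsHelper` such as `# These wrappers only mark the result html_safe; escaping of labels, option keys/text and the prompt is done by the wrapped Rails helpers.` so that a later change to the underlying helpers is reviewed with this in mind. The enclosing modules start outside the hunk, so whether the other alias chains in this file follow the same convention cannot be seen here.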

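--- a/test/form_options_helper_test.rb
+++ b/test/form_options_helper_test.rb
@@ -0,0 +1,40 @@
+require 'test_helper'
+
+class FormOptionsHelperTest < ActionView::TestCase
+
+Continent = Struct.new(:continent_name, :countries)
+Country = Struct.new(:country_id, :country_name)
+
+def test_option_groups_from_collection_for_select_returns_html_safe_string
+assert option_groups_from_collection_for_select(dummy_continents, "countries", "continent_name", "country_id", "country_name", "dk").html_safe?
+end
+
+def test_option_groups_from_collection_for_select_escapes_unsafe
+option_groups_from_collection_for_select_result = option_groups_from_collection_for_select(dummy_continents, "countries", "continent_name", "country_id", "country_name", "dk")
+assert !option_groups_from_collection_for_select_result.match(/<Africa>/)
+assert option_groups_from_collection_for_select_result.match(/&lt;Africa&gt;/)
+end
+
+def test_grouped_options_for_select_returns_html_safe_string
+assert grouped_options_for_select([["Hats", ["Baseball Cap","Cowboy Hat"]]]).html_safe?
+end
+
+def test_grouped_options_for_select_prompt_is_escaped
+grouped_options_result = grouped_options_for_select(grouped_options_sample_data, 'Europe', 'Some unescaped <script>text.</script>')
+assert !grouped_options_result.match(/<script>/)
+assert grouped_options_result.match(/&lt;script&gt;/)
+end
+
+private
+
+def dummy_continents
+[ Continent.new("<Africa>", [Country.new("<sa>", "<South Africa>"), Country.new("so", "Somalia")] ),
+Continent.new("Europe", [Country.new("dk", "Denmark"), Country.new("ie", "Ireland")] ) ]
+end
+
+def grouped_options_sample_data
+[ ['North America', [['United States','US'],'Canada']],
+['Europe', ['Denmark','Germany','France']]]
+end
+
+end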
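Review bot: The escaping assertions cover only the group label `<Africa>` and the prompt, although `dummy_continents` also supplies an unsafe option key `<sa>` and option text `<South Africa>` that are never checked. `grouped_options_for_select` is likewise never called with an unsafe group label or option value, since `grouped_options_sample_data` contains only plain text. Because the helpers under test now mark the whole string `html_safe`, an unescaped value in any of these positions would be rendered verbatim, so each position deserves its own assertion. In `test_option_groups_from_collection_for_select_escapes_unsafe` that would be `assert option_groups_from_collection_for_select_result.match(/&lt;South Africa&gt;/)` and `assert !option_groups_from_collection_for_select_result.match(/<sa>/)`, plus a `grouped_options_for_select` test with a constructed unsafe label.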
