ensuring that json_escape returns html safe strings when passed an ht…

…ml safe string
novotarq · Jun 9, 2011 · cce7085 · cce7085
1 parent 8fcdc15
commit cce7085
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/actionpack/test/template/erb_util_test.rb b/actionpack/test/template/erb_util_test.rb
@@ -15,6 +15,16 @@ class ErbUtilTest < Test::Unit::TestCase
     end
   end
 
+  def test_json_escape_returns_unsafe_strings_when_passed_unsafe_strings
+    value = json_escape("asdf")
+    assert !value.html_safe?
+  end
+
+  def test_json_escape_returns_safe_strings_when_passed_safe_strings
+    value = json_escape("asdf".html_safe)
+    assert value.html_safe?
+  end
+
   def test_html_escape_is_html_safe
     escaped = h("<p>")
     assert_equal "&lt;p&gt;", escaped

diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -50,7 +50,8 @@ def html_escape(s)
     #   <%=j @person.to_json %>
     #
     def json_escape(s)
-      s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
+      result = s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
+      s.html_safe? ? result.html_safe : result
     end
 
     alias j json_escape