
Try to call html safe before generate the content.

This also checks whether the content responds to html_safe!, for compatibility
with Rails 2.3.5 with rails_xss.
1 parent fdb23fd commit 6817f28ff0a8c024126ceaf5d085955782050cab @carlosantoniodasilva carlosantoniodasilva committed Oct 8, 2010
Showing with 16 additions and 4 deletions.
  1. +2 −3 lib/simple_form/components/labels.rb
  2. +13 −1 lib/simple_form/inputs/base.rb
  3. +1 −0 test/test_helper.rb
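--- a/lib/simple_form/components/labels.rb
+++ b/lib/simple_form/components/labels.rb
@@ -28,8 +28,7 @@ def label
 end
 def label_text
- result = SimpleForm.label_text.call(raw_label_text, required_label_text)
- result.respond_to?(:html_safe) ? result.html_safe : result
+ html_safe(SimpleForm.label_text.call(raw_label_text, required_label_text))
 end
 def label_target
@@ -66,4 +65,4 @@ def label_translation #:nodoc:
 end
 end
 end
-end
+end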
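Review bot: `label_text` still marks the whole composed label as HTML-safe without escaping its inputs, so with rails_xss active any markup carried in `raw_label_text` would be emitted verbatim. Where that value comes from is not visible in this hunk; if it can hold a caller-supplied label or attribute text, it should be escaped before composing, e.g. `html_safe(SimpleForm.label_text.call(ERB::Util.html_escape(raw_label_text), required_label_text))`. The same concern applies to `html_safe(content.join)` in `render` in lib/simple_form/inputs/base.rb, which trusts the output of every component at once.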
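--- a/lib/simple_form/inputs/base.rb
+++ b/lib/simple_form/inputs/base.rb
@@ -39,7 +39,8 @@ def render
 send(component)
 end
 content.compact!
- wrap(content.join.html_safe).html_safe
+ content = html_safe(content.join)
+ html_safe(wrap(content))
 end
 protected
@@ -64,6 +65,17 @@ def html_options_for(namespace, *extra)
 html_options
 end
+ # Ensure we make html safe only if it responds to it
+ def html_safe(content)
+ if content.respond_to?(:html_safe)
+ content.html_safe
+ elsif content.respond_to?(:html_safe!)
+ content.html_safe!
+ else
+ content
+ end
+ end
+
 # Lookup translations for the given namespace using I18n, based on object name,
 # actual action and attribute name. Lookup priority as follows:
 #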
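Review bot: The comment on the new `html_safe(content)` helper does not say that it only marks content as trusted and performs no escaping, and because the method shares its name with `String#html_safe` a reader can mistake it for a sanitizer. I would document it as `# Marks content as trusted HTML without escaping it; callers must escape untrusted values first.` and put `# html_safe! covers Rails 2.3.5 with rails_xss (see commit message).` above the `elsif` branch. No test for the `html_safe!` fallback is visible in this commit even though test/test_helper.rb now loads mocha; one case per branch of the helper would pin the behaviour.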
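--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -1,5 +1,6 @@
 require 'rubygems'
 require 'test/unit'
+require 'mocha'
 require 'action_controller'
 require 'action_view/test_case'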
