
Escape excerpt text by default (#42)

1 parent c735141 commit ed2c5143d7869e31e54bdd8299b2c7d4b86b47ca @edouard edouard committed with pat Oct 4, 2009
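--- a/lib/thinking_sphinx.rb
+++ b/lib/thinking_sphinx.rb
@@ -6,6 +6,7 @@
 require 'riddle'
 require 'after_commit'
 require 'yaml'
+require 'cgi'
 require 'thinking_sphinx/core/array'
 require 'thinking_sphinx/core/string'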
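--- a/lib/thinking_sphinx/excerpter.rb
+++ b/lib/thinking_sphinx/excerpter.rb
@@ -14,7 +14,7 @@ def initialize(search, instance)
 end
 def method_missing(method, *args, &block)
- string = @instance.send(method, *args, &block).to_s
+ string = CGI::escapeHTML @instance.send(method, *args, &block).to_s
 @search.excerpt_for(string, @instance.class)
 end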
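Review bot: The escape in `method_missing` runs before `@search.excerpt_for`, so the excerpt is built from entity-encoded text and the value handed back to the caller is already HTML; nothing in the hunk says so, and a view that escapes it again will render literal `&quot;`. Older `CGI.escapeHTML` implementations cover `&`, `"`, `<` and `>` but not `'`, so the result is presumably safe only in element content and double-quoted attributes, which is worth stating next to the call. I would add `# Escaped before excerpt_for builds the excerpt: the return value is HTML, do not escape it again.` above the line and write the call with parentheses, `string = CGI.escapeHTML(@instance.send(method, *args, &block).to_s)`. The commit title says "by default", but no way to opt out is visible in this hunk.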
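--- a/spec/fixtures/models.rb
+++ b/spec/fixtures/models.rb
@@ -106,6 +106,10 @@ def big_name
 name.upcase
 end
+ def string_to_escape
+ 'test "escaping" <characters>'
+ end
+
 def sphinx_attributes
 :existing
 end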
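Review bot: The fixture string returned by `string_to_escape` exercises `"`, `<` and `>` but no `&`, so the expectation in spec/lib/thinking_sphinx/excerpter_spec.rb would still pass if ampersands were left unescaped. I would extend the fixture to `'test "escaping" <characters> & more'` and the expected value in the spec to `'test &quot;escaping&quot; &lt;characters&gt; &amp; more'`. A single quote is deliberately left out of that suggestion because, as far as I know, what `CGI.escapeHTML` does with `'` differs between Ruby versions. The enclosing class starts and ends outside this hunk.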
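--- a/spec/lib/thinking_sphinx/excerpter_spec.rb
+++ b/spec/lib/thinking_sphinx/excerpter_spec.rb
@@ -40,6 +40,14 @@
 @excerpter.big_name
 end
+ it "should escape the text in the excerpt" do
+ @search.should_receive(:excerpt_for) do |string, model|
+ string.should == 'test &quot;escaping&quot; &lt;characters&gt;'
+ end
+
+ @excerpter.string_to_escape
+ end
+
 it "should still raise an exception if no column or method exists" do
 lambda {
 @excerpter.foo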
