Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

button_tag should escape it content

  • Loading branch information...
commit 1de47a0d56328768dfba0e5f86e1ff9491e62c20 1 parent 20897a6
Santiago Pastorino spastorino authored
2  actionpack/lib/action_view/helpers/form_tag_helper.rb
View
@@ -457,7 +457,7 @@ def button_tag(label = "Button", options = {})
options[option] = "button" unless options[option]
end
- content_tag :button, label.to_s.html_safe, { "type" => options.delete("type") }.update(options)
+ content_tag :button, label, { "type" => options.delete("type") }.update(options)
end
# Displays an image which when clicked will submit the form.
7 actionpack/test/template/form_tag_helper_test.rb
View
@@ -413,6 +413,13 @@ def test_button_tag_with_disabled_option
)
end
+ def test_button_tag_escape_content
+ assert_dom_equal(
+ %(<button name="button" type="reset" disabled="disabled">&lt;b&gt;Reset&lt;/b&gt;</button>),
+ button_tag("<b>Reset</b>", :type => "reset", :disabled => true)
+ )
+ end
+
def test_image_submit_tag_with_confirmation
assert_dom_equal(
%(<input type="image" src="/images/save.gif" data-confirm="Are you sure?" />),
Please sign in to comment.
Something went wrong with that request. Please try again.