Permalink
Browse files

Merge pull request #10971 from dtaniwaki/escape_link_to_unless

Always escape the result of link_to_unless method
  • Loading branch information...
2 parents ce13dc2 + c91e1cc commit 2e3880ca6278ea6a9e938393b1288ded07868654 @rafaelfranca rafaelfranca committed Jun 17, 2013
@@ -380,7 +380,7 @@ def link_to_unless(condition, name, options = {}, html_options = {}, &block)
if block_given?
block.arity <= 1 ? capture(name, &block) : capture(name, options, html_options, &block)
else
- name
+ ERB::Util.html_escape(name)
end
else
link_to(name, options, html_options)
@@ -348,6 +348,11 @@ def test_link_to_unless
link_to_unless(true, "Showing", url_hash) {
"test"
}
+
+ assert_equal %{&lt;b&gt;Showing&lt;/b&gt;}, link_to_unless(true, "<b>Showing</b>", url_hash)
+ assert_equal %{<a href="/">&lt;b&gt;Showing&lt;/b&gt;</a>}, link_to_unless(false, "<b>Showing</b>", url_hash)
+ assert_equal %{<b>Showing</b>}, link_to_unless(true, "<b>Showing</b>".html_safe, url_hash)
+ assert_equal %{<a href="/"><b>Showing</b></a>}, link_to_unless(false, "<b>Showing</b>".html_safe, url_hash)
end
def test_link_to_if

0 comments on commit 2e3880c

Please sign in to comment.