do not return html safe strings from auto_link

rails · Apr 5, 2011 · 2e757bc · 2e757bc
1 parent e9020b4
commit 2e757bc
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 7 deletions.
diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb
@@ -303,7 +303,7 @@ def simple_format(text, html_options={}, options={})
       #   # => "Welcome to my new blog at <a href=\"http://www.myblog.com/\" target=\"_blank\">http://www.myblog.com</a>.
       #         Please e-mail me at <a href=\"mailto:me@email.com\">me@email.com</a>."
       def auto_link(text, *args, &block)#link = :all, html = {}, &block)
-        return ''.html_safe if text.blank?
+        return '' if text.blank?
 
         options = args.size == 2 ? {} : args.extract_options! # this is necessary because the old auto_link API has a Hash as its last parameter
         unless args.empty?
@@ -507,7 +507,7 @@ def auto_link_urls(text, html_options = {}, options = {})
               end
               content_tag(:a, link_text, link_attributes.merge('href' => href), !!options[:sanitize]) + punctuation.reverse.join('')
             end
-          end.html_safe
+          end
         end
 
         # Turns all email addresses into clickable links.  If a block is given,

diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb
@@ -315,14 +315,20 @@ def generate_result(link_text, href = nil, escape = false)
     end
   end
 
-  def test_auto_link_should_be_html_safe
+  def test_auto_link_should_not_be_html_safe
     email_raw    = 'santiago@wyeworks.com'
     link_raw     = 'http://www.rubyonrails.org'
 
-    assert auto_link(nil).html_safe?
-    assert auto_link('').html_safe?
-    assert auto_link("#{link_raw} #{link_raw} #{link_raw}").html_safe?
-    assert auto_link("hello #{email_raw}").html_safe?
+    assert !auto_link(nil).html_safe?, 'should not be html safe'
+    assert !auto_link('').html_safe?, 'should not be html safe'
+    assert !auto_link("#{link_raw} #{link_raw} #{link_raw}").html_safe?, 'should not be html safe'
+    assert !auto_link("hello #{email_raw}").html_safe?, 'should not be html safe'
+  end
+
+  def test_auto_link_email_address
+    email_raw    = 'aaron@tenderlovemaking.com'
+    email_result = %{<a href="mailto:#{email_raw}">#{email_raw}</a>}
+    assert !auto_link_email_addresses(email_result).html_safe?, 'should not be html safe'
   end
 
   def test_auto_link