
Merge pull request #6353 from nashby/safe-interpolation

fix safe string interpolation with SafeBuffer#%
2 parents aa96420 + 9fb21e9 commit 2ee8ed4e71a35bf784d6e06690ac6c6cce059734 @tenderlove tenderlove committed May 16, 2012
@@ -150,6 +150,20 @@ def +(other)
dup.concat(other)
end
+ def %(args)
+ args = Array(args)
+
+ args.map! do |arg|
+ if !html_safe? || arg.html_safe?
+ arg
+ else
+ ERB::Util.h(arg)
+ end
+ end
+
+ self.class.new(super(args))
+ end
+
def html_safe?
defined?(@html_safe) && @html_safe
end
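Review bot: `args.map!` in the new `%` rewrites the caller's array in place, because `Array(args)` returns the same object when it is handed an Array; a caller that reuses its argument list afterwards finds the values already HTML-escaped, and they are escaped a second time on the next format. `Array(args)` also turns a Hash into key/value pairs, so a named-reference format such as `"%{name}".html_safe % {name: value}` no longer reaches `super` as a Hash. Building a fresh collection and handling Hash separately avoids both, as sketched below. Separately, when the receiver is not `html_safe?` the arguments pass through unescaped and the result is still wrapped in `self.class.new`; the constructor is outside this hunk, so it is worth confirming the returned buffer is not marked safe in that case.

```ruby
def %(args)
  escape = lambda { |arg| (!html_safe? || arg.html_safe?) ? arg : ERB::Util.h(arg) }

  escaped =
    if args.is_a?(Hash)
      # keep the Hash shape so %{name} / %<name>s references still resolve
      Hash[args.map { |key, arg| [key, escape.call(arg)] }]
    else
      # non-destructive map: the caller's array is left untouched
      Array(args).map(&escape)
    end

  self.class.new(super(escaped))
end
```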
@@ -439,6 +439,30 @@ def to_s
assert @other_string.html_safe?
end
+ test "Concatting safe onto unsafe with % yields unsafe" do
+ @other_string = "other%s"
+ string = @string.html_safe
+
+ @other_string = @other_string % string
+ assert !@other_string.html_safe?
+ end
+
+ test "Concatting unsafe onto safe with % yields escaped safe" do
+ @other_string = "other%s".html_safe
+ string = @other_string % "<foo>"
+
+ assert_equal "other&lt;foo&gt;", string
+ assert string.html_safe?
+ end
+
+ test "Concatting safe onto safe with % yields safe" do
+ @other_string = "other%s".html_safe
+ string = @string.html_safe
+
+ @other_string = @other_string % string
+ assert @other_string.html_safe?
+ end
+
test "Concatting a fixnum to safe always yields safe" do
string = @string.html_safe
string = string.concat(13)
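Review bot: The first new test does not exercise the new method: `"other%s"` is a plain String, so `%` there is String#% and the `!html_safe?` branch of SafeBuffer#% is not reached by any of the three tests. All three also pass a single scalar argument, so the Array path with mixed safe and unsafe values is untested; something like `assert_equal "a&lt;b&gt;<i>", "a%s%s".html_safe % ["<b>", "<i>".html_safe]` would pin it. A test whose receiver is a SafeBuffer that has lost its safe flag, asserting the result is not `html_safe?`, would cover the remaining branch. The enclosing test class starts and ends outside the hunk.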
