
content_tag_string shouldn't escape_html if escape param is false

commit 399b493cb454e6f6dd1a310ba31adaa8e6550830 1 parent eebac02
Santiago Pastorino authored June 06, 2010 wycats committed June 07, 2010
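--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -110,7 +110,7 @@ def escape_once(html)
 
         def content_tag_string(name, content, options, escape = true)
           tag_options = tag_options(options, escape) if options
-          "<#{name}#{tag_options}>#{ERB::Util.h(content)}</#{name}>".html_safe
+          "<#{name}#{tag_options}>#{escape ? ERB::Util.h(content) : content}</#{name}>".html_safe
         end
 
         def tag_options(options, escape = true)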
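Review bot: With `escape` false, `content_tag_string` now interpolates `content` verbatim and still calls `.html_safe` on the whole string, so the caller's input is marked safe and will not be escaped again on output. The method is fully visible in the hunk and carries no comment stating that contract. I would add one above the `def`: `# escape = false emits content verbatim and marks the result html_safe; pass only trusted or already-sanitized markup.` The same flag is forwarded to `tag_options(options, escape)`, whose body is outside the hunk, so the caveat presumably applies to attribute values too and is worth confirming there.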
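--- a/actionpack/test/template/tag_helper_test.rb
+++ b/actionpack/test/template/tag_helper_test.rb
@@ -39,6 +39,8 @@ def test_content_tag
                  content_tag("a", "Create", :href => "create")
     assert_equal "<p>&lt;script&gt;evil_js&lt;/script&gt;</p>",
                  content_tag(:p, '<script>evil_js</script>')
+    assert_equal "<p><script>evil_js</script></p>",
+                 content_tag(:p, '<script>evil_js</script>', nil, false)
   end
 
   def test_content_tag_with_block_in_erb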
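Review bot: The added assertion passes `nil` for options, so it pins only the content path of `escape = false`. The flag is also handed to `tag_options` in `content_tag_string`, and no case here combines an options hash with `escape = false`. A companion assertion with an options hash would fix the intended attribute behaviour alongside the content behaviour. It would also help to assert the trust marking directly, e.g. `assert content_tag(:p, '<script>evil_js</script>', nil, false).html_safe?`, so a later change to the `.html_safe` call is caught. `test_content_tag` begins above the hunk, so earlier assertions may already cover part of this.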
