Permalink
Browse files

rails_xss handles deprecated String html safety, when installed

  • Loading branch information...
1 parent b10bf83 commit 3ff921a65ae3a1d288148c14b3be17bef1f6bca1 @jeremy jeremy committed May 24, 2010
Showing with 1 addition and 29 deletions.
  1. +1 −29 activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -97,7 +97,6 @@ def to_yaml(*args)
class String
alias safe_concat concat
- alias_method :add_without_safety, :+
def as_str
self
@@ -108,38 +107,11 @@ def html_safe
end
def html_safe?
- defined?(@_rails_html_safe)
+ false
end
def html_safe!
ActiveSupport::Deprecation.warn("Use html_safe with your strings instead of html_safe! See http://yehudakatz.com/2010/02/01/safebuffers-and-rails-3-0/ for the full story.", caller)
- @_rails_html_safe = true
self
end
-
- def add_with_safety(other)
- result = add_without_safety(other)
- if html_safe? && also_html_safe?(other)
- result.html_safe!
- else
- result
- end
- end
- alias_method :+, :add_with_safety
-
- def concat_with_safety(other_or_fixnum)
- result = concat_without_safety(other_or_fixnum)
- unless html_safe? && also_html_safe?(other_or_fixnum)
- remove_instance_variable(:@_rails_html_safe) if defined?(@_rails_html_safe)
- end
- result
- end
- alias_method_chain :concat, :safety
- undef_method :<<
- alias_method :<<, :concat_with_safety
-
- private
- def also_html_safe?(other)
- other.respond_to?(:html_safe?) && other.html_safe?
- end
end

0 comments on commit 3ff921a

Please sign in to comment.