From 0a77c0530871d7518433e1188e552d477f74469b Mon Sep 17 00:00:00 2001
From: Akihito Tsukamoto
Date: Mon, 19 Aug 2019 23:57:42 +0900
Subject: [PATCH] Prevent TagBuilder modify options

---
 actionview/lib/action_view/helpers/tag_helper.rb | 2 +-
 actionview/test/template/tag_helper_test.rb | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/actionview/lib/action_view/helpers/tag_helper.rb b/actionview/lib/action_view/helpers/tag_helper.rb
index 3979721d34026..8eaceb1f87438 100644
--- a/actionview/lib/action_view/helpers/tag_helper.rb
+++ b/actionview/lib/action_view/helpers/tag_helper.rb
@@ -88,7 +88,7 @@ def tag_option(key, value, escape)
 if value.is_a?(Array)
 value = escape ? safe_join(value, " ") : value.join(" ")
 else
- value = escape ? ERB::Util.unwrapped_html_escape(value) : value.to_s.dup
+ value = escape ? ERB::Util.unwrapped_html_escape(value).dup : value.to_s.dup
 end
 value.gsub!('"', """)
 %(#{key}="#{value}")
diff --git a/actionview/test/template/tag_helper_test.rb b/actionview/test/template/tag_helper_test.rb
index 9a6226fd04f1a..6626f78678566 100644
--- a/actionview/test/template/tag_helper_test.rb
+++ b/actionview/test/template/tag_helper_test.rb
@@ -79,6 +79,13 @@ def test_tag_builder_options_converts_boolean_option
 tag.p(disabled: true, itemscope: true, multiple: true, readonly: true, allowfullscreen: true, seamless: true, typemustmatch: true, sortable: true, default: true, inert: true, truespeed: true)
 end
 
+ def test_tag_builder_do_not_modify_html_safe_options
+ html_safe_str = '"'.html_safe
+ assert_equal "
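Review bot: The `.dup` added on the escape branch has no comment, and its reason is not visible on that line: it is only needed because the `gsub!` two lines further down edits `value` in place, and `ERB::Util.unwrapped_html_escape` presumably returns the caller's own object when the value is already html_safe (this is what the new test in tag_helper_test.rb pins). Without the copy the caller's string is rewritten and, going by the test's `html_safe?` assertion, can lose its html_safe flag, so a view that reuses it may see it escaped a second time. I would add `# dup: the escape helper can return the caller's own html_safe string; gsub! below must not touch it` above the line, or drop both `.dup` calls and switch the quote replacement to the non-mutating `gsub` with a reassignment. `tag_option` starts and ends outside this hunk, so the rest of the method is not visible here.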

", tag("p", value: html_safe_str) + assert_equal '"', html_safe_str + assert html_safe_str.html_safe? + end + def test_content_tag assert_equal "Create", content_tag("a", "Create", "href" => "create") assert_predicate content_tag("a", "Create", "href" => "create"), :html_safe?