Permalink
Browse files

Fix SafeBuffers by adding a dirty flag.

  • Loading branch information...
1 parent f4db3d7 commit 5be61ea5a9c577d9e7e93353bdca5017d01880ad @josevalim josevalim committed Jun 16, 2011
@@ -76,10 +76,33 @@ def html_safe?
module ActiveSupport #:nodoc:
class SafeBuffer < String
UNSAFE_STRING_METHODS = ["capitalize", "chomp", "chop", "delete", "downcase", "gsub", "lstrip", "next", "reverse", "rstrip", "slice", "squeeze", "strip", "sub", "succ", "swapcase", "tr", "tr_s", "upcase"].freeze
- alias safe_concat concat
+
+ alias_method :original_concat, :concat
+ private :original_concat
+
+ class SafeConcatError < StandardError
+ def initialize
+ super "Could not concatenate to the buffer because it is not html safe."
+ end
+ end
+
+ def safe_concat(value)
+ raise SafeConcatError if dirty?
+ original_concat(value)
+ end
+
+ def initialize(*)
+ @dirty = false
+ super
+ end
+
+ def initialize_copy(other)
+ super
+ @dirty = other.dirty?
+ end
def concat(value)
- if value.html_safe?
+ if dirty? || value.html_safe?
super(value)
else
super(ERB::Util.h(value))
@@ -92,11 +115,7 @@ def +(other)
end
def html_safe?
- true
- end
-
- def html_safe
- self
+ !dirty?
end
def to_s
@@ -113,7 +132,6 @@ def encode_with(coder)
def to_yaml(*args)
return super() if defined?(YAML::ENGINE) && !YAML::ENGINE.syck?
-
to_str.to_yaml(*args)
end
@@ -124,18 +142,21 @@ def #{unsafe_method}(*args)
end
def #{unsafe_method}!(*args)
- raise TypeError, "Cannot modify SafeBuffer in place"
+ @dirty = true
+ super
end
EOT
end
+
+ protected
+
+ def dirty?
+ @dirty
+ end
end
end
class String
- def html_safe!
- raise "You can't call html_safe! on a String"
- end
-
def html_safe
ActiveSupport::SafeBuffer.new(self)
end
@@ -4,6 +4,7 @@
rescue LoadError
end
+require 'active_support/core_ext/string/inflections'
require 'yaml'
class SafeBufferTest < ActiveSupport::TestCase
@@ -45,7 +46,7 @@ def setup
assert_equal ActiveSupport::SafeBuffer, new_buffer.class
end
- def test_to_yaml
+ test "Should be converted to_yaml" do
str = 'hello!'
buf = ActiveSupport::SafeBuffer.new str
yaml = buf.to_yaml
@@ -54,22 +55,53 @@ def test_to_yaml
assert_equal 'hello!', YAML.load(yaml)
end
- def test_nested
+ test "Should work in nested to_yaml conversion" do
str = 'hello!'
data = { 'str' => ActiveSupport::SafeBuffer.new(str) }
yaml = YAML.dump data
assert_equal({'str' => str}, YAML.load(yaml))
end
+ test "Should work with underscore" do
+ str = "MyTest".html_safe.underscore
+ assert_equal "my_test", str
+ end
+
test "Should not return safe buffer from gsub" do
altered_buffer = @buffer.gsub('', 'asdf')
assert_equal 'asdf', altered_buffer
assert !altered_buffer.html_safe?
end
- test "Should not allow gsub! on safe buffers" do
- assert_raise TypeError do
- @buffer.gsub!('', 'asdf')
+ test "Should not return safe buffer from gsub!" do
+ @buffer.gsub!('', 'asdf')
+ assert_equal 'asdf', @buffer
+ assert !@buffer.html_safe?
+ end
+
+ test "Should escape dirty buffers on add" do
+ dirty = @buffer
+ clean = "hello".html_safe
+ @buffer.gsub!('', '<>')
+ assert_equal "hello&lt;&gt;", clean + @buffer
+ end
+
+ test "Should concat as a normal string when dirty" do
+ dirty = @buffer
+ clean = "hello".html_safe
+ @buffer.gsub!('', '<>')
+ assert_equal "<>hello", @buffer + clean
+ end
+
+ test "Should preserve dirty? status on copy" do
+ @buffer.gsub!('', '<>')
+ assert !@buffer.dup.html_safe?
+ end
+
+ test "Should raise an error when safe_concat is called on dirty buffers" do
+ @buffer.gsub!('', '<>')
+ assert_raise ActiveSupport::SafeBuffer::SafeConcatError do
+ @buffer.safe_concat "BUSTED"
end
end
end

0 comments on commit 5be61ea

Please sign in to comment.