
Merge pull request #12760 from pseidemann/master

fix simple_format escapes own output when sanitize is set to true
2 parents 97f0d9a + 881a2cc commit 675304b478dd36eacd3bac96c9eef96890d4aa91 @senny senny committed Nov 9, 2013
@@ -1,6 +1,10 @@
+* Fix `simple_format` escapes own output when passing `sanitize: true`
+
+ *Paul Seidemann*
+
* Ensure ActionView::Digestor.cache is correctly cleaned up when
combining recursive templates with ActionView::Resolver.caching = false
-
+
*wyaeld*
* Fix `collection_check_boxes` generated hidden input to use the name attribute provided
@@ -268,7 +268,7 @@ def simple_format(text, html_options = {}, options = {})
content_tag(wrapper_tag, nil, html_options)
else
paragraphs.map! { |paragraph|
- content_tag(wrapper_tag, paragraph, html_options, options[:sanitize])
+ content_tag(wrapper_tag, paragraph, html_options, false)
}.join("\n\n").html_safe
end
end
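Review bot: Hard-coding `false` as the fourth argument to `content_tag` in the `paragraphs.map!` branch turns off escaping for the whole tag, and as far as I know that argument also governs escaping of the `html_options` attribute values, not only the content; the empty-text branch just above still calls `content_tag(wrapper_tag, nil, html_options)` with the default, so the two branches treat attributes differently. The paragraph content is then safe only because of the sanitize step that presumably runs earlier in `simple_format`, outside this hunk, and with `sanitize: false` it reaches `.html_safe` verbatim. I would state that dependency above the call, e.g. `# content was sanitized above unless sanitize: false; escaping here would double-escape it`, and document that `html_options` values are emitted unescaped in this branch so callers do not pass untrusted data there. A test with `sanitize: true` and an attribute value containing a quote would pin down whichever behaviour is intended.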
@@ -42,6 +42,11 @@ def test_simple_format_should_sanitize_input_when_sanitize_option_is_not_false
assert_equal "<p><b> test with unsafe string </b></p>", simple_format("<b> test with unsafe string </b><script>code!</script>")
end
+ def test_simple_format_should_sanitize_input_when_sanitize_option_is_true
+ assert_equal '<p><b> test with unsafe string </b></p>',
+ simple_format('<b> test with unsafe string </b><script>code!</script>', {}, sanitize: true)
+ end
+
def test_simple_format_should_not_sanitize_input_when_sanitize_option_is_false
assert_equal "<p><b> test with unsafe string </b><script>code!</script></p>", simple_format("<b> test with unsafe string </b><script>code!</script>", {}, :sanitize => false)
end
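Review bot: The new test's name says it checks sanitizing, which the existing `..._is_not_false` test above already covers; what it actually guards is that sanitized output is not escaped a second time. A name such as `test_simple_format_should_not_escape_sanitized_output_when_sanitize_option_is_true` would record that regression. The test also uses `sanitize: true` and single quotes where the neighbouring tests use `:sanitize => false` and double quotes; following the file's existing style would keep the three cases easy to compare.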
