Permalink
Browse files

Merge pull request #14529 from rwz/master

ActiveSupport::SafeBuffer#prepend inconsistency
  • Loading branch information...
2 parents 3bcc51a + 8482895 commit 821f968726617b24340c368f025a78adff731a8f @rafaelfranca rafaelfranca committed Apr 2, 2014
@@ -1,3 +1,9 @@
+* `ActiveSupport::SafeBuffer#prepend` acts like `String#prepend` and modifies
+ instance in-place, returning self. `ActiveSupport::SafeBuffer#prepend!` is
+ deprecated.
+
+ *Pavel Pravosud*
+
* `HashWithIndifferentAccess` better respects `#to_hash` on objects it's
given. In particular, `.new`, `#update`, `#merge`, `#replace` all accept
objects which respond to `#to_hash`, even if those objects are not Hashes
@@ -124,7 +124,7 @@ module ActiveSupport #:nodoc:
class SafeBuffer < String
UNSAFE_STRING_METHODS = %w(
capitalize chomp chop delete downcase gsub lstrip next reverse rstrip
- slice squeeze strip sub succ swapcase tr tr_s upcase prepend
+ slice squeeze strip sub succ swapcase tr tr_s upcase
)
alias_method :original_concat, :concat
@@ -169,15 +169,18 @@ def clone_empty
self[0, 0]
end
- def concat(value)
- if !html_safe? || value.html_safe?
- super(value)
- else
- super(ERB::Util.h(value))
+ %w[concat prepend].each do |method_name|
+ define_method method_name do |value|
+ super(html_escape_interpolated_argument(value))
end
end
alias << concat
+ def prepend!(value)
+ ActiveSupport::Deprecation.deprecation_warning "ActiveSupport::SafeBuffer#prepend!", :prepend
+ prepend value
+ end
+
def +(other)
dup.concat(other)
end
@@ -4,6 +4,7 @@
require 'inflector_test_cases'
require 'constantize_test_cases'
+require 'active_support/deprecation/reporting'
require 'active_support/inflector'
require 'active_support/core_ext/string'
require 'active_support/time'
@@ -608,6 +609,27 @@ def to_s
assert !@other_combination.html_safe?
end
+ test "Prepending safe onto unsafe yields unsafe" do
+ @string.prepend "other".html_safe
+ assert !@string.html_safe?
+ assert_equal @string, "otherhello"
+ end
+
+ test "Prepending unsafe onto safe yields escaped safe" do
+ other = "other".html_safe
+ other.prepend "<foo>"
+ assert other.html_safe?
+ assert_equal other, "&lt;foo&gt;other"
+ end
+
+ test "Deprecated #prepend! method is still present" do
+ ActiveSupport::Deprecation.silence do
+ other = "other".html_safe
+ other.prepend! "<foo>"
+ assert_equal other, "&lt;foo&gt;other"
+ end
+ end
+
test "Concatting safe onto unsafe yields unsafe" do
@other_string = "other"

2 comments on commit 821f968

@rwz
Contributor
rwz commented on 821f968 Apr 7, 2014

Hey guys, what do you think about backporting this fix into 4-1-stable?

@rafaelfranca
Member
Please sign in to comment.