Merge pull request #12760 from pseidemann/master

fix simple_format escapes own output when sanitize is set to true
Conflicts:

	actionpack/lib/action_view/helpers/text_helper.rb
	actionview/CHANGELOG.md

actionpack/CHANGELOG.md

@@ -1,3 +1,7 @@
+*   Fix `simple_format` escapes own output when passing `sanitize: true`
+
+    *Paul Seidemann*
+
 *   Don't let strong parameters mutate the given hash via `fetch`
 
     Create a new instance if the given parameter is a `Hash` instead of

actionpack/lib/action_view/helpers/text_helper.rb

@@ -266,7 +266,7 @@ def simple_format(text, html_options = {}, options = {})
           content_tag(wrapper_tag, nil, html_options)
         else
           paragraphs.map { |paragraph|
-            content_tag(wrapper_tag, paragraph, html_options, options[:sanitize])
+            content_tag(wrapper_tag, paragraph, html_options, false)
           }.join("\n\n").html_safe
         end
       end

actionpack/test/template/text_helper_test.rb

@@ -42,6 +42,11 @@ def test_simple_format_should_sanitize_input_when_sanitize_option_is_not_false
     assert_equal "<p><b> test with unsafe string </b></p>", simple_format("<b> test with unsafe string </b><script>code!</script>")
   end
 
+  def test_simple_format_should_sanitize_input_when_sanitize_option_is_true
+    assert_equal '<p><b> test with unsafe string </b></p>',
+      simple_format('<b> test with unsafe string </b><script>code!</script>', {}, sanitize: true)
+  end
+
   def test_simple_format_should_not_sanitize_input_when_sanitize_option_is_false
     assert_equal "<p><b> test with unsafe string </b><script>code!</script></p>", simple_format("<b> test with unsafe string </b><script>code!</script>", {}, :sanitize => false)
   end