Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Explicit html_escape removed when not needed

Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
  • Loading branch information...
commit 98a5bf8ff219f796e6db2d8d8b21dd114be47965 1 parent 9f1900e
Santiago Pastorino and José Ignacio Costa authored Yehuda Katz committed
View
4 actionpack/lib/action_view/helpers/active_model_helper.rb
@@ -127,7 +127,7 @@ def error_message_on(object, method, *args)
if (obj = (object.respond_to?(:errors) ? object : instance_variable_get("@#{object}"))) &&
(errors = obj.errors[method])
content_tag("div",
- "#{options[:prepend_text]}#{ERB::Util.html_escape(errors.first)}#{options[:append_text]}".html_safe,
+ (options[:prepend_text].html_safe << errors.first).safe_concat(options[:append_text]),
:class => options[:css_class]
)
else
@@ -226,7 +226,7 @@ def error_messages_for(*params)
error_messages = objects.sum do |object|
object.errors.full_messages.map do |msg|
- content_tag(:li, ERB::Util.html_escape(msg))
+ content_tag(:li, msg)
end
end.join.html_safe
View
2  actionpack/lib/action_view/helpers/tag_helper.rb
@@ -127,7 +127,7 @@ def block_called_from_erb?(block)
def content_tag_string(name, content, options, escape = true)
tag_options = tag_options(options, escape) if options
- "<#{name}#{tag_options}>#{ERB::Util.h content}</#{name}>".html_safe
+ ("<#{name}#{tag_options}>".html_safe << content.to_s).safe_concat("</#{name}>")
end
def tag_options(options, escape = true)
View
2  actionpack/lib/action_view/helpers/url_helper.rb
@@ -226,7 +226,7 @@ def link_to(*args, &block)
end
href_attr = "href=\"#{url}\"" unless href
- "<a #{href_attr}#{tag_options}>#{ERB::Util.h(name || url)}</a>".html_safe
+ ("<a #{href_attr}#{tag_options}>".html_safe << (name || url)).safe_concat("</a>")
end
end
Please sign in to comment.
Something went wrong with that request. Please try again.