
Make sure capture's output gets html_escaped [#5545 state:resolved]

Also remove a duplicate test_link_to_unless assertion and add .html_safe to the
remaining one.

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
1 parent d446392 commit bb9c58eb4aa637fa75c69c705a9918d6322ff834 @jeffkreeftmeijer jeffkreeftmeijer committed with spastorino Oct 11, 2010
@@ -1,4 +1,5 @@
require 'active_support/core_ext/object/blank'
+require 'active_support/core_ext/string/output_safety'
module ActionView
# = Action View Capture Helper
@@ -38,7 +39,7 @@ def capture(*args)
value = nil
buffer = with_output_buffer { value = yield(*args) }
if string = buffer.presence || value and string.is_a?(String)
- string
+ html_escape string
end
end
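Review bot: The bare `html_escape string` call relies on whatever class mixes this helper in to supply `html_escape`; nothing in the hunk shows the module including `ERB::Util`, so `ERB::Util.html_escape(string)` would bind the escaping to the implementation loaded by the new `output_safety` require and stop a view-level override from weakening it. The method's doc comment, which sits outside the hunk, should also state the new contract, for example `# A String returned by the block is HTML-escaped unless it is already marked html_safe.` The updated link_to_unless test suggests that html_safe strings pass through unchanged, and callers need to know that before returning raw markup from a block.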
@@ -28,6 +28,11 @@ def test_capture_returns_nil_if_the_returned_value_is_not_a_string
assert_nil @av.capture { 1 }
end
+ def test_capture_escapes_html
+ string = @av.capture { '<strong>foo</strong><em>bar</em>' }
+ assert_equal '&lt;strong&gt;foo&lt;/strong&gt;&lt;em&gt;bar&lt;/em&gt;', string
+ end
+
def test_content_for
assert ! content_for?(:title)
content_for :title, 'title'
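Review bot: The new `test_capture_escapes_html` pins only the escaping path; there is no companion assertion that a string already marked `html_safe` comes back from `capture` unchanged, which is what callers will rely on to avoid double-escaping. Adding `assert_equal '<em>bar</em>', @av.capture { '<em>bar</em>'.html_safe }` in a sibling test would cover it. test_content_for continues past the end of the hunk.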
@@ -263,12 +263,7 @@ def test_link_to_unless
assert_equal "<strong>Showing</strong>",
link_to_unless(true, "Showing", url_hash) { |name|
- "<strong>#{name}</strong>"
- }
-
- assert_equal "<strong>Showing</strong>",
- link_to_unless(true, "Showing", url_hash) { |name|
- "<strong>#{name}</strong>"
+ "<strong>#{name}</strong>".html_safe
}
assert_equal "test",
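Review bot: With `.html_safe` added to the block, `test_link_to_unless` no longer asserts anything about a block that returns an unmarked string, so the escaping this commit introduces is untested on this helper (assuming `link_to_unless` yields through `capture`, which the hunk does not show). An assertion expecting `"&lt;strong&gt;Showing&lt;/strong&gt;"` from the same call without `.html_safe` would document that path. A short comment above the block would also help, such as `# html_safe is fine here only because name is a fixed test literal`, since marking an interpolated string safe skips escaping for whatever was interpolated. The test method starts and ends outside the hunk.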
