3.0.10 - simple_format with :sanitize => false produces html unsafe string #2812

Closed
jonleighton opened this Issue · 2 comments

@jonleighton
Collaborator
ruby-1.8.7-p352 :001 > a = ActionView::Base.new
 => #<ActionView::Base:0x7f61c08b6c70 @helpers=#<Module:0x7f61c08b39f8>, @output_buffer=nil, @lookup_context=#<ActionView::LookupContext:0x7f61c06a2650 @skip_default_locale=false, @details={:locale=>[:en, :en], :handlers=>[:rjs, :rhtml, :rxml, :builder, :haml, :erb], :formats=>[:html, :text, :js, :css, :ics, :csv, :xml, :rss, :atom, :yaml, :multipart_form, :url_encoded_form, :json]}, @frozen_formats=false, @view_paths=[], @details_key=nil>, @_virtual_path=nil, @_controller=nil, @controller=nil, @_content_for={}, @_config=#<OrderedHash {}>, @assigns={}> 
ruby-1.8.7-p352 :004 > a.simple_format("foo", {}, :sanitize => false).html_safe?
 => false 
ruby-1.8.7-p352 :005 > a.simple_format("foo", {}).html_safe?
 => true 

Appears to be fixed in 3.1 so need to work out what fixed it and backport.

@jonleighton jonleighton was assigned
@dsachitano dsachitano referenced this issue from a commit
Commit has since been removed from the repository and is no longer available.
@dsachitano

I think that this behavior is correct. Test test_simple_format_should_not_be_html_safe_when_sanitize_option_is_false shows this.

So I think the problem is in 3-1-stable, and that its behavior in this case is wrong. The test I just mentioned was committed to 3-0-stable, but does not appear in 3-1-stable. It appears that the change in simple_format behavior you allude to in 3.1 was caused in an attempt at fixing Issue #1745.

I've made a change for simple_format in 3-1-stable that I think will address the problem raised in Issue #1745, while still giving the correct behavior when :sanitize => false, and added some tests. https://github.com/dsachitano/rails/commits/3-1-stable

I am quite new to Rails, so please double check to see if what I've found and done makes any sense.

@rafaelfranca rafaelfranca was assigned
@rafaelfranca
Owner

Hey @jonleighton, since Rails 3-0-stable is not supported anymore, is this still an issue? If so I'll work on that.

Thanks.
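
An added illustration, not code from Rails or from anyone in this thread: a plain-Ruby model of the html_safe contract the issue turns on, showing why output built with `:sanitize => false` should stay unmarked. `SafeString`, `render`, `toy_simple_format` and `toy_simple_format_always_safe` are hypothetical stand-ins, and plain escaping stands in for Rails' real `sanitize`.

```ruby
require "erb"

# Stand-in for ActiveSupport::SafeBuffer: a String subclass used only as a marker.
class SafeString < String; end

def html_safe?(str)
  str.is_a?(SafeString)
end

# Stand-in for what the template layer does with <%= value %>:
# marked strings are emitted verbatim, everything else is escaped.
def render(value)
  html_safe?(value) ? value.to_s : ERB::Util.html_escape(value)
end

# Hypothetical, simplified simple_format. Escaping stands in for sanitize.
def toy_simple_format(text, sanitize: true)
  if sanitize
    # Input was neutralised, so the result may be marked safe.
    SafeString.new("<p>#{ERB::Util.html_escape(text)}</p>")
  else
    # Raw input is embedded: return a plain String so the template
    # layer still escapes it unless the caller opts out explicitly.
    "<p>#{text}</p>"
  end
end

# The behaviour the second comment argues against: unsanitized output
# that is nevertheless marked safe.
def toy_simple_format_always_safe(text)
  SafeString.new("<p>#{text}</p>")
end

# Constructed sample input, not taken from the issue.
UNTRUSTED = "<script>alert(1)</script>"

if __FILE__ == $PROGRAM_NAME
  puts render(toy_simple_format(UNTRUSTED))                  # sanitized, marked safe
  puts render(toy_simple_format(UNTRUSTED, sanitize: false)) # unmarked, escaped on output
  puts render(toy_simple_format_always_safe(UNTRUSTED))      # markup reaches the page
end
```

In a real application the equivalent regression check is an assertion that `simple_format(text, {}, :sanitize => false).html_safe?` is false, as in the test named in the second comment.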
