As per Rails 3 convention, helpers now escape unsafe input instead of sanitizing. Closes #issue 2
commit ded95e17efaac2f740e594cbee2fd20893915c5c 1 parent 4c43f4e
@rohit authored
2  README.md
@@ -63,7 +63,7 @@ With options:
To be `:safe`
============
-Being Rails text helpers, all three methods accept the `:safe` option that tells the helpers that the input text need not be sanitized.
+Being Rails text helpers, all three methods accept the `:safe` option that tells the helpers that the input text need not be escaped.
Credits
=======
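Review bot: the README now documents `:safe` as skipping escaping, but nothing in this section tells existing users that the default behaviour changed from allow-list sanitizing (tags such as `<strong>` were kept) to full escaping (every tag is rendered as text). Add a sentence here, and a changelog entry, stating that markup passed in without `:safe` or `html_safe` is now shown literally.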
4 lib/prarupa/text_helpers.rb
@@ -26,7 +26,7 @@ module TextHelpers
#
def textilize(text, *options)
options ||= [:hard_breaks]
- text = sanitize(text) unless text.html_safe? || options.delete(:safe)
+ text = h(text) unless text.html_safe? || options.delete(:safe)
if text.blank?
""
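Review bot: `h(text)` depends on `ERB::Util#h` being mixed into `TextHelpers`; confirm the module includes it (or call `ERB::Util.html_escape` explicitly), since the replaced `sanitize` came from Rails' `SanitizeHelper` and `h` is not automatically available outside views. Separately, the `options ||= [:hard_breaks]` line in the context is dead code: a splat parameter is always an Array, so the default never applies; if `:hard_breaks` is meant to be the default it needs `options = [:hard_breaks] if options.empty?`.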
@@ -79,7 +79,7 @@ def textilize_without_paragraph(text, *options)
# markdown('![The ROR logo](http://rubyonrails.com/images/rails.png "Ruby on Rails")')
# # => '<p><img src="http://rubyonrails.com/images/rails.png" alt="The ROR logo" title="Ruby on Rails" /></p>'
def markdown(text, *options)
- text = sanitize(text) unless text.html_safe? || options.delete(:safe)
+ text = h(text) unless text.html_safe? || options.delete(:safe)
if text.blank?
""
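Review bot: escaping the input with `h` only neutralises HTML that the caller passed in; it does not constrain the HTML the markdown processor itself generates from markup, such as the `href` of a link or the `src` of an image as in the example comment above. If the goal is safe output from untrusted input, the rendered HTML should also be sanitized (or the processor's URL filtering enabled) rather than relying on input escaping alone.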
2  lib/prarupa/version.rb
@@ -1,3 +1,3 @@
module Prarupa
- VERSION = '0.1.1'
+ VERSION = '0.1.2'
end
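Review bot: a patch-level bump (0.1.1 to 0.1.2) understates this change: the default output for the same input now differs (tags are escaped rather than sanitized), so existing callers will see different rendering. Consider a minor version bump, or at least a changelog entry describing the behaviour change.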
26 test/prarupa/text_helpers_test.rb
@@ -19,15 +19,15 @@ def test_textilize_with_options
assert_equal("<p>This is worded &lt;strong&gt;strongly&lt;/strong&gt;</p>", textilize("This is worded <strong>strongly</strong>", :filter_html))
end
- def test_textilize_should_sanitize_unsafe_input
- assert_equal("<p>This is worded <strong>strongly</strong></p>", textilize("This is worded <strong>strongly</strong><script>code!</script>"))
+ def test_textilize_should_escape_unsafe_input
+ assert_equal("<p>This is worded &lt;strong&gt;strongly&lt;/strong&gt;&lt;script&gt;code!&lt;/script&gt;</p>", textilize("This is worded <strong>strongly</strong><script>code!</script>"))
end
- def test_textilize_should_not_sanitize_input_if_safe_option
+ def test_textilize_should_not_escape_input_if_safe_option
assert_equal("<p>This is worded <strong>strongly</strong><script>code!</script></p>", textilize("This is worded <strong>strongly</strong><script>code!</script>", :safe))
end
- def test_textilize_should_not_sanitize_safe_input
+ def test_textilize_should_not_escape_safe_input
assert_equal("<p>This is worded <strong>strongly</strong><script>code!</script></p>", textilize("This is worded <strong>strongly</strong><script>code!</script>".html_safe))
end
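Review bot: `test_textilize_should_not_escape_input_if_safe_option` only checks that `:safe` disables escaping; nothing verifies that `options.delete(:safe)` strips the flag before the remaining options reach the textile processor. Add a case that combines `:safe` with another option (for example `:filter_html`, used in `test_textilize_with_options` above) and asserts that the other option still takes effect.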
@@ -51,15 +51,15 @@ def test_textilize_without_paragraph_with_options
assert_equal("This is worded &lt;strong&gt;strongly&lt;/strong&gt;", textilize_without_paragraph("This is worded <strong>strongly</strong>", :filter_html))
end
- def test_textilize_without_paragraph_should_sanitize_unsafe_input
- assert_equal("This is worded <strong>strongly</strong>", textilize_without_paragraph("This is worded <strong>strongly</strong><script>code!</script>"))
+ def test_textilize_without_paragraph_should_escape_unsafe_input
+ assert_equal("This is worded &lt;strong&gt;strongly&lt;/strong&gt;&lt;script&gt;code!&lt;/script&gt;", textilize_without_paragraph("This is worded <strong>strongly</strong><script>code!</script>"))
end
- def test_textilize_without_paragraph_should_not_sanitize_input_if_safe_option
+ def test_textilize_without_paragraph_should_not_escape_input_if_safe_option
assert_equal("This is worded <strong>strongly</strong><script>code!</script>", textilize_without_paragraph("This is worded <strong>strongly</strong><script>code!</script>", :safe))
end
- def test_textilize_without_paragraph_should_not_sanitize_safe_input
+ def test_textilize_without_paragraph_should_not_escape_safe_input
assert_equal("This is worded <strong>strongly</strong><script>code!</script>", textilize_without_paragraph("This is worded <strong>strongly</strong><script>code!</script>".html_safe))
end
@@ -80,18 +80,18 @@ def test_markdown_with_blank
end
def test_markdown_with_options
- assert_equal("<p>This is worded &lt;strong>strongly&lt;/strong></p>", markdown("This is worded <strong>strongly</strong>", :filter_html))
+ assert_equal("<p>Links are like this <a href=\"http://rohitarondekar.com\">http://rohitarondekar.com</a></p>", markdown("Links are like this http://rohitarondekar.com", :autolink))
end
- def test_markdown_should_sanitize_unsafe_input
- assert_equal("<p>This is worded <strong>strongly</strong></p>", markdown("This is worded <strong>strongly</strong><script>code!</script>"))
+ def test_markdown_should_escape_unsafe_input
+ assert_equal("<p>This is worded &lt;strong&gt;strongly&lt;/strong&gt;&lt;script&gt;code!&lt;/script&gt;</p>", markdown("This is worded <strong>strongly</strong><script>code!</script>"))
end
- def test_markdown_should_not_sanitize_input_if_safe_option
+ def test_markdown_should_not_escape_input_if_safe_option
assert_equal("<p>This is worded <strong>strongly</strong><script>code!</script></p>", markdown("This is worded <strong>strongly</strong><script>code!</script>", :safe))
end
- def test_markdown_should_not_sanitize_safe_input
+ def test_markdown_should_not_escape_safe_input
assert_equal("<p>This is worded <strong>strongly</strong><script>code!</script></p>", markdown("This is worded <strong>strongly</strong><script>code!</script>".html_safe))
end
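Review bot: the edit to `test_markdown_with_options` replaces the `:filter_html` assertion with an unrelated `:autolink` check, so `markdown` with `:filter_html` is no longer covered and the commit message does not mention the change. Keep the `:filter_html` case (with a corrected expected string, since the removed one escaped `<` but not `>`) alongside the new `:autolink` test, or move the autolink change into its own commit.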