diff --git a/lib/cross_site_sniper.rb b/lib/cross_site_sniper.rb
index f6ebf18..74b5753 100644
--- a/lib/cross_site_sniper.rb
+++ b/lib/cross_site_sniper.rb
@@ -41,7 +41,7 @@ def define_attribute_methods_with_html_escaping
val = send("#{column.name}_without_html_escaping")
#if htmlescaping is disabled, just send it as is.
- return val if @html_escaping_disabled
+ return val if CrossSiteSniper.disabled?
# Only escape strings. Other data types, such
# as 'nil', should be returned uncorrupted.
@@ -64,9 +64,9 @@ def method_missing(method_sym,*args,&blk)
#catch without_html_escaping for non-column methods and simulate it
if method_sym.to_s[/(.+)_without_html_escaping/]
original_method = $1
- @html_escaping_disabled = true
+ CrossSiteSniper.disabled = true
val = self.send(original_method)
- @html_escaping_disabled = false
+ CrossSiteSniper.disabled = false
return val
else
super
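Review bot: The flag is cleared only on the normal path in method_missing: if `self.send(original_method)` raises, `CrossSiteSniper.disabled` stays true, and the column reader in the first hunk then returns unescaped values for every model until something sets it back. The unconditional `CrossSiteSniper.disabled = false` also turns escaping back on in the middle of an outer `_without_html_escaping` call when the wrapped method itself makes one. Restoring the previous value in an `ensure` covers both cases. method_missing starts and ends outside this hunk.

```ruby
if method_sym.to_s[/(.+)_without_html_escaping/]
  original_method = $1
  previous = CrossSiteSniper.disabled?
  CrossSiteSniper.disabled = true
  begin
    return self.send(original_method)
  ensure
    # Restore even when the call raises; keeps an outer *_without_html_escaping call in effect.
    CrossSiteSniper.disabled = previous
  end
# … unchanged: else / super …
```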
@@ -123,3 +123,13 @@ def html_escape(opts = {})
end
end
end
+
+class CrossSiteSniper
+ def self.disabled?
+ @disabled
+ end
+
+ def self.disabled=(x)
+ @disabled = x
+ end
+end
\ No newline at end of file
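Review bot: `@disabled` is a class-level instance variable, so the flag is shared by every thread in the process. If the application serves requests concurrently, attribute reads on other threads would also skip escaping while one thread is inside a `_without_html_escaping` call. Keeping the flag per thread avoids that: `def self.disabled?; !!Thread.current[:cross_site_sniper_disabled]; end` and `def self.disabled=(x); Thread.current[:cross_site_sniper_disabled] = x; end`. A one-line comment on the class saying the flag is only meant to be set around a single call would also help the next reader.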
diff --git a/test/cross_site_sniper_test.rb b/test/cross_site_sniper_test.rb
index c902cfa..b6dc37c 100644
--- a/test/cross_site_sniper_test.rb
+++ b/test/cross_site_sniper_test.rb
@@ -1,6 +1,6 @@
require 'test/unit'
require 'rubygems'
-gem 'activerecord', '>= 2.0.2'
+gem 'activerecord', '>= 2.3.0'
require 'active_record'
require 'erb'
require "#{File.dirname(__FILE__)}/../init"
@@ -12,7 +12,7 @@ class CrossSiteSniperTest < Test::Unit::TestCase
def setup
setup_db
@hunter = SnipeHunter.create(:name => 'One', :title => 'One Title', :description => 'One Description',:age => 42)
- @snipe = Snipe.create(:species => 'Fitch', :genus => 'Abercrombie')
+ @snipe = Snipe.create(:species => 'Fitch', :genus => 'Abercrombie', :snipe_hunter => @hunter)
@leprechaun = Leprechaun.create(:name => 'Clover McGillicuty')
end
@@ -47,12 +47,15 @@ def test_basics
assert_equal('<b>Fitch</b>',snipe.species)
assert_equal('Abercrombie',snipe.genus)
+ assert_equal('<b>Fitch</b>',hunter.first_snipe_species)
+ assert_equal('Fitch',hunter.first_snipe_species_without_html_escaping)
+
assert_equal('Clover McGillicuty',leprechaun.name)
end
end
class SnipeHunter < ActiveRecord::Base
-
+ has_many :snipes
#make title unescaped
html_escape :except => :title
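Review bot: The added assertions in test_basics never check that escaping is active again after `hunter.first_snipe_species_without_html_escaping`. Because the switch is now process-wide, a regression that leaves it set would likely pass here, since the only later assertion visible reads a value with no markup. Repeat the escaped `hunter.first_snipe_species` assertion directly after the `_without_html_escaping` line. A second test where the wrapped method raises, followed by a check that a column read is escaped again, would cover the error path. test_basics begins outside this hunk.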
@@ -60,9 +63,12 @@ class SnipeHunter < ActiveRecord::Base
def description; 'Overriden'; end
def name_and_age; "#{name}(#{age})"; end
+
+ def first_snipe_species; snipes.first.species; end
end
class Snipe < ActiveRecord::Base
+ belongs_to :snipe_hunter
#only escape species
html_escape :only => :species
end
@@ -87,6 +93,7 @@ def setup_db
end
create_table :snipes do |t|
+ t.column :snipe_hunter_id, :integer
t.column :species, :string
t.column :genus, :string
end