Sanitize HMTL attributes in error and hint helpers when options are present

2011-06-03 11:16:29 -03:00 · 2011-06-03 11:16:29 -03:00 · b65e9743f6
parent 795691aced
commit b65e9743f6
2 changed files with 17 additions and 2 deletions
--- a/lib/simple_form/form_builder.rb
+++ b/lib/simple_form/form_builder.rb
@ -204,7 +204,7 @@ module SimpleForm
    #    f.error :name, :id => "cool_error"
    #
    def error(attribute_name, options={})
-      options[:error_html] = options.dup
+      options[:error_html] = options.except(:error_tag, :error_prefix, :error_method)
      column      = find_attribute_column(attribute_name)
      input_type  = default_input_type(attribute_name, column, options)
      SimpleForm::Inputs::Base.new(self, attribute_name, column, input_type, options).error
@ -238,7 +238,7 @@ module SimpleForm
    #    f.hint "Don't forget to accept this"
    #
    def hint(attribute_name, options={})
-      options[:hint_html] = options.dup
+      options[:hint_html] = options.except(:hint_tag)
      if attribute_name.is_a?(String)
        options[:hint] = attribute_name
        attribute_name, column, input_type = nil, nil, nil
--- a/test/form_builder_test.rb
+++ b/test/form_builder_test.rb
@ -456,6 +456,14 @@ class FormBuilderTest < ActionView::TestCase
    assert_no_select 'span.error[error_html]'
  end

+  test 'builder should generate an error tag with a clean HTML when errors options are present' do
+    with_error_for @user, :name, :error_tag => :p, :error_prefix => 'Name', :error_method => :first
+    assert_no_select 'p.error[error_html]'
+    assert_no_select 'p.error[error_tag]'
+    assert_no_select 'p.error[error_prefix]'
+    assert_no_select 'p.error[error_method]'
+  end
+
  test 'builder should allow passing options to error tag' do
    with_error_for @user, :name, :id => 'name_error'
    assert_select 'span.error#name_error', "can't be blank"
@ -501,6 +509,13 @@ class FormBuilderTest < ActionView::TestCase
    assert_no_select 'span.hint[hint_html]'
  end

+  test 'builder should generate a hint componet tag with a clean HTML when hint_tag option is present' do
+    with_hint_for @user, 'Hello World!', :hint_tag => :p
+    assert_no_select 'p.hint[hint]'
+    assert_no_select 'p.hint[hint_html]'
+    assert_no_select 'p.hint[hint_tag]'
+  end
+
  test 'builder should allow passing options to hint tag' do
    with_hint_for @user, :name, :hint => 'Hello World!', :id => 'name_hint'
    assert_select 'span.hint#name_hint', 'Hello World!'