From 0415b76d4f4c310a8cebe6834ebe4e9272ab006a Mon Sep 17 00:00:00 2001
From: Thomas Reynolds <me@tdreyno.com>
Date: Tue, 18 Jun 2013 11:06:43 -0700
Subject: [PATCH] tests for content_tag escaping

---
 CHANGELOG.md                                  |  8 ++++++--
 .../features/helpers_content_tag.feature      | 16 ++++++++++++++++
 .../core_extensions/default_helpers.rb        | 19 +++++++++++++++++--
 3 files changed, 39 insertions(+), 4 deletions(-)
 create mode 100644 middleman-core/features/helpers_content_tag.feature

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 80e5897e..8b40d0f3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+3.1.1
+===
+
+* Check if set is redefining a param at the class level. Fixes #939
+* Correctly escape `content_tag` when using a block. Fixes #941
+
 3.1.0 Highlights
 ===
 
@@ -9,8 +15,6 @@
 * Fully tested on JRuby 1.9
 * Build defaults to --clean
 
-
-
 3.1.0.rc.4
 ===
 
diff --git a/middleman-core/features/helpers_content_tag.feature b/middleman-core/features/helpers_content_tag.feature
new file mode 100644
index 00000000..4c54aae7
--- /dev/null
+++ b/middleman-core/features/helpers_content_tag.feature
@@ -0,0 +1,16 @@
+Feature: content_tag helper
+
+  Scenario: content_tag doesn't escape content from either block or string
+    Given a fixture app "empty-app"
+    And an empty file named "config.rb"
+    And a file named "source/index.html.erb" with:
+    """
+    <%= content_tag :div, "<hello>world</hello>", :class => 'one' %>
+    <% content_tag :where, :class => 'the hell is' do %>
+    <my>damn croissant</my>
+    <% end %>
+    """
+    And the Server is running
+    When I go to "index.html"
+    Then I should see '<div class="one"><hello>world</hello>'
+    And I should see '<where class="the hell is"><my>damn croissant</my>'
\ No newline at end of file
diff --git a/middleman-core/lib/middleman-more/core_extensions/default_helpers.rb b/middleman-core/lib/middleman-more/core_extensions/default_helpers.rb
index fb4a8686..a15cfe55 100644
--- a/middleman-core/lib/middleman-more/core_extensions/default_helpers.rb
+++ b/middleman-core/lib/middleman-more/core_extensions/default_helpers.rb
@@ -50,8 +50,23 @@ class Middleman::CoreExtensions::DefaultHelpers < ::Middleman::Extension
 
     # Make all block content html_safe
     def content_tag(name, content = nil, options = nil, &block)
-      content = mark_safe(content) unless content.is_a?(Hash)
-      mark_safe(super(name, content, options, &block))
+      if block_given?
+        options = content if content.is_a?(Hash)
+        content = capture_html(&block)
+      end
+
+      options    = parse_data_options(name, options)
+      attributes = tag_attributes(options)
+      output = ActiveSupport::SafeBuffer.new
+      output.safe_concat "<#{name}#{attributes}>"
+      if content.respond_to?(:each) && !content.is_a?(String)
+        content.each { |c| output.safe_concat c; output.safe_concat NEWLINE }
+      else
+        output.safe_concat "#{content}"
+      end
+      output.safe_concat "</#{name}>"
+
+      block_is_template?(block) ? concat_content(output) : output
     end
 
     def capture_html(*args, &block)