2017-07-24 16:20:53 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2016-08-06 12:54:50 -04:00
|
|
|
require "abstract_unit"
|
2009-10-07 16:31:20 -04:00
|
|
|
|
|
|
|
class OutputEscapingTest < ActiveSupport::TestCase
|
|
|
|
test "escape_html shouldn't die when passed nil" do
|
2018-01-25 18:14:09 -05:00
|
|
|
assert_predicate ERB::Util.h(nil), :blank?
|
2009-10-07 16:31:20 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
test "escapeHTML should escape strings" do
|
|
|
|
assert_equal "<>"", ERB::Util.h("<>\"")
|
|
|
|
end
|
|
|
|
|
|
|
|
test "escapeHTML shouldn't touch explicitly safe strings" do
|
For performance reasons, you can no longer call html_safe! on Strings. Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will SafeBuffer.new(self).
* Additionally, instead of doing concat("</form>".html_safe), you can do
safe_concat("</form>"), which will skip both the flag set, and the flag
check.
* For the first pass, I converted virtually all #html_safe!s to #html_safe,
and the tests pass. A further optimization would be to try to use
#safe_concat as much as possible, reducing the performance impact if
we know up front that a String is safe.
2010-01-31 22:17:42 -05:00
|
|
|
assert_equal "<", ERB::Util.h("<".html_safe)
|
2009-10-07 16:31:20 -04:00
|
|
|
end
|
|
|
|
end
|