mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Change the raw template handler to render html-safe strings
In PR #24929 the changelog was updated to make note that while the new template handler was changed to raw this changed the behavior when outputting plain html or js files. Previously ERB would output the files unescaped. Changing the default handler to RAW meant that these same files would be rendered as escaped rather than as js or html. Because of this change in behavior and after the discussion in #24949 we decided to change the behavior of the Raw handler to output html_safe strings by default. Now files rendered with the default handler (raw) render the file unescaped.
parent
be8b2ddbcb
commit
1de0df8669
3 changed files with 19 additions and 1 deletions
|
@ -1,3 +1,14 @@
|
|||
* Raw template handler (which is also the default template handler in Rails 5) now outputs
|
||||
HTML-safe strings.
|
||||
|
||||
In Rails 5 the default template handler was changed to the raw template handler. Because
|
||||
the ERB template handler escaped strings by default this broke some applications that
|
||||
expected plain JS or HTML files to be rendered unescaped. This fixes the issue caused
|
||||
by changing the default handler by changing the Raw template handler to output HTML-safe
|
||||
strings.
|
||||
|
||||
*Eileen M. Uchitelle*
|
||||
|
||||
* `select_tag`'s `include_blank` option for generation for blank option tag, now adds an empty space label,
|
||||
when the value as well as content for option tag are empty, so that we confirm with html specification.
|
||||
Ref: https://www.w3.org/TR/html5/forms.html#the-option-element.
|
||||
|
|
|
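Review bot: The sentence "Because the ERB template handler escaped strings by default this broke some applications" in the new changelog entry reads as the opposite of the commit message, which says ERB output these files unescaped and the raw handler escaped them. Suggest rewording it so the entry says the raw handler escaped plain JS or HTML files that ERB used to render unescaped. The entry is also the place to state that every file rendered by the raw handler is now treated as HTML-safe, so applications that render files they do not fully control know the output is no longer escaped.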
@ -2,7 +2,7 @@ module ActionView
|
|||
module Template::Handlers
|
||||
class Raw
|
||||
def call(template)
|
||||
"#{template.source.inspect};"
|
||||
"#{template.source.inspect}.html_safe;"
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
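Review bot: In `call`, appending `.html_safe` to `template.source.inspect` marks the entire file content as trusted unconditionally, and nothing in the hunk documents that contract. Suggest a comment above `call` stating that the raw handler returns the source verbatim as an HTML-safe string, so it is emitted unescaped when concatenated into a view buffer, and that only files whose content the application controls should be rendered through it.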
@ -100,6 +100,13 @@ module RenderTestCases
|
|||
assert_equal %q;Here are some characters: !@#$%^&*()-="'}{`; + "\n", @view.render(:template => "plain_text_with_characters")
|
||||
end
|
||||
|
||||
def test_render_raw_is_html_safe_and_does_not_escape_output
|
||||
buffer = ActiveSupport::SafeBuffer.new
|
||||
buffer << @view.render(file: "plain_text")
|
||||
assert_equal true, buffer.html_safe?
|
||||
assert_equal buffer, "<%= hello_world %>\n"
|
||||
end
|
||||
|
||||
def test_render_ruby_template_with_handlers
|
||||
assert_equal "Hello from Ruby code", @view.render(:template => "ruby_template")
|
||||
end
|
||||
|
|
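Review bot: In `test_render_raw_is_html_safe_and_does_not_escape_output`, `assert_equal true, buffer.html_safe?` is evaluated on a freshly created `ActiveSupport::SafeBuffer`, which reports `html_safe?` as true whether or not the appended string was safe, so this assertion cannot fail if the handler regresses. Suggest asserting on the render result directly, for example `assert @view.render(file: "plain_text").html_safe?`, and keeping the comparison against `"<%= hello_world %>\n"` as the check that nothing was escaped. That comparison also has its arguments reversed: `assert_equal` takes the expected value first.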