kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

content_tag_string shouldn't escape_html if escape param is false

Browse source
This commit is contained in:
Santiago Pastorino 2010-06-06 02:20:45 -03:00 committed by wycats
parent eebac02606
commit 399b493cb4
2 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
actionpack/lib/action_view/helpers/tag_helper.rb
View file

@ -110,7 +110,7 @@ module ActionView
def content_tag_string(name, content, options, escape = true)
tag_options = tag_options(options, escape) if options
"<#{name}#{tag_options}>#{ERB::Util.h(content)}</#{name}>".html_safe
"<#{name}#{tag_options}>#{escape ? ERB::Util.h(content) : content}</#{name}>".html_safe
end
def tag_options(options, escape = true)

2
actionpack/test/template/tag_helper_test.rb
View file

@ -39,6 +39,8 @@ class TagHelperTest < ActionView::TestCase
content_tag("a", "Create", :href => "create")
assert_equal "<p>&lt;script&gt;evil_js&lt;/script&gt;</p>",
content_tag(:p, '<script>evil_js</script>')
assert_equal "<p><script>evil_js</script></p>",
content_tag(:p, '<script>evil_js</script>', nil, false)
end
def test_content_tag_with_block_in_erb