diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb index c09d01eeee..66277f79fe 100644 --- a/actionpack/lib/action_view/helpers/tag_helper.rb +++ b/actionpack/lib/action_view/helpers/tag_helper.rb @@ -110,7 +110,7 @@ module ActionView def content_tag_string(name, content, options, escape = true) tag_options = tag_options(options, escape) if options - "<#{name}#{tag_options}>#{ERB::Util.h(content)}#{name}>".html_safe + "<#{name}#{tag_options}>#{escape ? ERB::Util.h(content) : content}#{name}>".html_safe end def tag_options(options, escape = true) diff --git a/actionpack/test/template/tag_helper_test.rb b/actionpack/test/template/tag_helper_test.rb index 256d9bdcde..ec5fe3d1d7 100644 --- a/actionpack/test/template/tag_helper_test.rb +++ b/actionpack/test/template/tag_helper_test.rb @@ -39,6 +39,8 @@ class TagHelperTest < ActionView::TestCase content_tag("a", "Create", :href => "create") assert_equal "
<script>evil_js</script>
", content_tag(:p, '') + assert_equal "", + content_tag(:p, '', nil, false) end def test_content_tag_with_block_in_erb