mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

fix safe string interpolation with SafeBuffer#%, closes #6352

Vasiliy Ermolovich 2012-05-16 21:04:31 +03:00
parent e29626901a
commit 9fb21e98e2
2 changed files with 38 additions and 0 deletions


@ -150,6 +150,20 @@ module ActiveSupport #:nodoc:
dup.concat(other) dup.concat(other)
end end
def %(args)
args = Array(args)
args.map! do |arg|
if !html_safe? || arg.html_safe?
arg
else
ERB::Util.h(arg)
end
end
self.class.new(super(args))
end
def html_safe? def html_safe?
defined?(@html_safe) && @html_safe defined?(@html_safe) && @html_safe
end end
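Review bot: `Array(args)` turns a Hash argument into an array of `[key, value]` pairs, so named references such as `%{name}` stop working once the receiver is a SafeBuffer, and `args.map!` rewrites the caller's own array in place whenever an Array is passed. Both come from the first two statements of the new `%`. Handling a Hash separately and using a non-mutating `map` keeps the per-argument escaping while leaving the caller's data untouched. A short comment is also worth adding to say that arguments are escaped only when the receiver is itself html_safe, because the `!html_safe?` branch passes them through unchanged and the result is still wrapped in `self.class.new`.

```ruby
def %(args)
  # Escape an argument only when this buffer is safe and the argument is not.
  escape = lambda { |arg| (!html_safe? || arg.html_safe?) ? arg : ERB::Util.h(arg) }
  escaped =
    if args.is_a?(Hash)
      Hash[args.map { |key, value| [key, escape.call(value)] }]
    else
      Array(args).map(&escape)
    end
  self.class.new(super(escaped))
end
```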


@ -439,6 +439,30 @@ class OutputSafetyTest < ActiveSupport::TestCase
assert @other_string.html_safe? assert @other_string.html_safe?
end end
test "Concatting safe onto unsafe with % yields unsafe" do
@other_string = "other%s"
string = @string.html_safe
@other_string = @other_string % string
assert !@other_string.html_safe?
end
test "Concatting unsafe onto safe with % yields escaped safe" do
@other_string = "other%s".html_safe
string = @other_string % "<foo>"
assert_equal "other&lt;foo&gt;", string
assert string.html_safe?
end
test "Concatting safe onto safe with % yields safe" do
@other_string = "other%s".html_safe
string = @string.html_safe
@other_string = @other_string % string
assert @other_string.html_safe?
end
test "Concatting a fixnum to safe always yields safe" do test "Concatting a fixnum to safe always yields safe" do
string = @string.html_safe string = @string.html_safe
string = string.concat(13) string = string.concat(13)
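Review bot: All three new tests pass a single scalar to `%`, so the array path with mixed safe and unsafe elements is never exercised, and nothing checks that the caller's array is left unmodified. A case such as `assert_equal "&lt;a&gt; <b>", "%s %s".html_safe % ["<a>", "<b>".html_safe]` would pin the per-argument escaping. The test names say "Concatting" although they cover format interpolation; "Interpolating ... with %" would describe them better. The fixnum test that closes the hunk continues outside it.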