Original implementation has bugs if the regex contains a match group.
Example:

    excerpt('This is a beautiful? morning', /\b(beau\w*)\b/i, :radius => 5)

Expected: "...is a beautiful? mor..."
Actual: "...is a beautifulbeaut..."
The original phrase was being converted to a regex and returning the text
either side of the phrase as expected:
    'This is a beautiful? morning'.split(/beautiful/i, 2)
    # => ["This is a ", "? morning"]
When we have a match with groups, the match is returned in the array.
Quoting the Ruby docs: "If pattern is a Regexp, str is divided where the
pattern matches. [...] If pattern contains groups, the respective matches will
be returned in the array as well."

    'This is a beautiful? morning'.split(/\b(beau\w*)\b/iu, 2)
    # => ["This is a ", "beautiful", "? morning"]
If we assume we want to split on the first match – this fix makes that
assumption – we can pass the already assigned `phrase` variable as the place
to split (because we already know that a match exists from line 168).
Originally spotted by Louise Crow (@crowbot) at
https://github.com/mysociety/alaveteli/pull/1557
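
The split behaviour described in the commit message above, as an added example that is not part of the commit or of the Rails source. `excerpt_sketch` and its mode names are hypothetical; it is a simplified stand-in that only trims each side to a fixed radius. It goes one step beyond the commit by also showing `MatchData#pre_match` / `#post_match`, which avoid `split` entirely.

```ruby
# Added example: simplified stand-in for an excerpt helper, not the Rails code.
# excerpt_sketch and the mode symbols are hypothetical names.
TEXT    = 'This is a beautiful? morning' # sample string from the commit message
PATTERN = /\b(beau\w*)\b/i               # regex with one capture group

def excerpt_sketch(text, pattern, radius, mode)
  match = text.match(pattern)
  return nil unless match
  phrase = match[0] # the text that actually matched

  first_part, second_part =
    case mode
    when :split_regex  # before the fix: capture groups are added to the array
      text.split(pattern, 2)
    when :split_phrase # the fix: splitting on a String, which has no groups
      text.split(phrase, 2)
    when :match_data   # alternative: take both sides from the MatchData
      [match.pre_match, match.post_match]
    end
  first_part  = first_part.to_s
  second_part = second_part.to_s

  prefix  = first_part.length  > radius ? '...' : ''
  postfix = second_part.length > radius ? '...' : ''
  left    = first_part[-radius..-1] || first_part # whole string if shorter
  right   = second_part[0, radius]
  prefix + left + phrase + right + postfix
end

if __FILE__ == $PROGRAM_NAME
  %i[split_regex split_phrase match_data].each do |mode|
    puts "#{mode}: #{excerpt_sketch(TEXT, PATTERN, 5, mode).inspect}"
  end
end
```

Splitting on the matched string cuts at the first occurrence of that string, while `pre_match` / `post_match` cut where the regex matched; the two differ when the same text appears earlier in a position the regex rejects (for example inside a longer word that `\b` excludes).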
The helper will yield each matched word, and you can use this instead of the
':highlighter' option for more complex replacing logic:

    highlight('My email is me@work.com', EMAIL_REGEXP) { |m| mail_to(m) }
    # => 'My email is <a href="mailto:me@work.com">me@work.com</a>'

The previous behavior equated the sanitize option for simple_format with the
escape option of content_tag; however, these are two distinct concepts.
This fixes CVE-2013-6416
Conflicts:
actionview/lib/action_view/helpers/text_helper.rb