# frozen_string_literal: true require "abstract_unit" class OutputSafetyHelperTest < ActionView::TestCase tests ActionView::Helpers::OutputSafetyHelper def setup @string = "hello" end test "raw returns the safe string" do result = raw(@string) assert_equal @string, result assert_predicate result, :html_safe? end test "raw handles nil values correctly" do assert_equal "", raw(nil) end test "safe_join should html_escape any items, including the separator, if they are not html_safe" do joined = safe_join([raw("

foo

"), "

bar

"], "
") assert_equal "

foo

<br /><p>bar</p>", joined joined = safe_join([raw("

foo

"), raw("

bar

")], raw("
")) assert_equal "

foo


bar

", joined end test "safe_join should work recursively similarly to Array.join" do joined = safe_join(["a", ["b", "c"]], ":") assert_equal "a:b:c", joined joined = safe_join(['"a"', ["", ""]], "
") assert_equal ""a" <br/> <b> <br/> <c>", joined end test "safe_join should return the safe string separated by $, when second argument is not passed" do default_delimiter = $, begin $, = nil joined = safe_join(["a", "b"]) assert_equal "ab", joined silence_warnings do $, = "|" end joined = safe_join(["a", "b"]) assert_equal "a|b", joined ensure $, = default_delimiter end end test "to_sentence should escape non-html_safe values" do actual = to_sentence(%w(< > & ' ")) assert_predicate actual, :html_safe? assert_equal("<, >, &, ', and "", actual) actual = to_sentence(%w( ") end test "to_sentence should not escape html_safe values" do ptag = content_tag("p") do safe_join(["shady stuff", tag("br")]) end url = "https://example.com" expected = %(#{url} and

<marquee>shady stuff</marquee>

) actual = to_sentence([link_to(url, url), ptag]) assert_predicate actual, :html_safe? assert_equal(expected, actual) end test "to_sentence handles blank strings" do actual = to_sentence(["", "two", "three"]) assert_predicate actual, :html_safe? assert_equal ", two, and three", actual end test "to_sentence handles nil values" do actual = to_sentence([nil, "two", "three"]) assert_predicate actual, :html_safe? assert_equal ", two, and three", actual end test "to_sentence still supports ActiveSupports Array#to_sentence arguments" do assert_equal "one two, and three", to_sentence(["one", "two", "three"], words_connector: " ") assert_equal "one & two, and three", to_sentence(["one", "two", "three"], words_connector: " & ".html_safe) assert_equal "onetwo, and three", to_sentence(["one", "two", "three"], words_connector: nil) assert_equal "one, two, and also three", to_sentence(["one", "two", "three"], last_word_connector: ", and also ") assert_equal "one, twothree", to_sentence(["one", "two", "three"], last_word_connector: nil) assert_equal "one, two three", to_sentence(["one", "two", "three"], last_word_connector: " ") assert_equal "one, two and three", to_sentence(["one", "two", "three"], last_word_connector: " and ") end test "to_sentence is not affected by $," do separator_was = $, silence_warnings do $, = "|" end begin assert_equal "one and two", to_sentence(["one", "two"]) assert_equal "one, two, and three", to_sentence(["one", "two", "three"]) ensure $, = separator_was end end end