mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
4cbb9db0a5
* Additionally, instead of doing concat("</form>".html_safe), you can do safe_concat("</form>"), which will skip both the flag set, and the flag check. * For the first pass, I converted virtually all #html_safe!s to #html_safe, and the tests pass. A further optimization would be to try to use #safe_concat as much as possible, reducing the performance impact if we know up front that a String is safe.
19 lines
495 B
Ruby
19 lines
495 B
Ruby
require 'abstract_unit'
|
|
|
|
class OutputEscapingTest < ActiveSupport::TestCase
|
|
|
|
test "escape_html shouldn't die when passed nil" do
|
|
assert ERB::Util.h(nil).blank?
|
|
end
|
|
|
|
test "escapeHTML should escape strings" do
|
|
assert_equal "<>"", ERB::Util.h("<>\"")
|
|
end
|
|
|
|
test "escapeHTML shouldn't touch explicitly safe strings" do
|
|
# TODO this seems easier to compose and reason about, but
|
|
# this should be verified
|
|
assert_equal "<", ERB::Util.h("<".html_safe)
|
|
end
|
|
|
|
end
|