From 145658218b62ba13e67298f8423281cf50e6f48c Mon Sep 17 00:00:00 2001
From: Santiago Pastorino
Date: Fri, 7 May 2010 15:32:16 -0300
Subject: [PATCH] simple_format should return html_safe but not escape text, that's for rails_xss plugin [#3767 state:committed]
---
actionpack/lib/action_view/helpers/text_helper.rb | 4 ++--
actionpack/test/template/text_helper_test.rb | 4 ----
2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb
index 9279a88..f2f1557 100644
--- a/actionpack/lib/action_view/helpers/text_helper.rb
+++ b/actionpack/lib/action_view/helpers/text_helper.rb
@@ -323,12 +323,12 @@ module ActionView
# # => "Look ma! A class!
"
def simple_format(text, html_options={})
start_tag = tag('p', html_options, true)
- text = h(text)
+ text = text.to_s.dup
text.gsub!(/\r\n?/, "\n") # \r\n and \r -> \n
text.gsub!(/\n\n+/, "
\n\n#{start_tag}") # 2+ newline -> paragraph
text.gsub!(/([^\n]\n)(?=[^\n])/, '\1
') # 1 newline -> br
text.insert 0, start_tag
- text.safe_concat ""
+ text.html_safe.safe_concat("")
end
# Turns all URLs and e-mail addresses into clickable links. The :link option
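Review bot: `text.html_safe.safe_concat(...)` at the end of simple_format marks the whole string as HTML-safe even though `text = text.to_s.dup` no longer escapes it, so markup in an unescaped argument is rendered as trusted output unless the rails_xss plugin or the caller escaped it first. If escaping is meant to stay out of this helper, the doc comment (which starts above the hunk) should say so, e.g. `# The result is marked html_safe without escaping +text+; escape or sanitize untrusted input before calling.` Otherwise keep the escape for input that is not already safe, along the lines of `text = text.to_s; text = text.html_safe? ? text.dup : h(text)`. The second hunk removes test_simple_format_should_escape_unsafe_input without adding a test that pins the new behaviour for unsafe input.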
diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb
index d3c2726..6ee5ae1 100644
--- a/actionpack/test/template/text_helper_test.rb
+++ b/actionpack/test/template/text_helper_test.rb
@@ -44,10 +44,6 @@ class TextHelperTest < ActionView::TestCase
assert simple_format(" test with html tags ").html_safe?
end
- def test_simple_format_should_escape_unsafe_input
- assert_equal "<b> test with unsafe string </b>
", simple_format(" test with unsafe string ")
- end
-
def test_simple_format_should_not_escape_safe_input
assert_equal " test with safe string
", simple_format(" test with safe string ".html_safe)
end
--
1.7.0