From 145658218b62ba13e67298f8423281cf50e6f48c Mon Sep 17 00:00:00 2001 From: Santiago Pastorino Date: Fri, 7 May 2010 15:32:16 -0300 Subject: [PATCH] simple_format should return html_safe but not escape text, that's for rails_xss plugin [#3767 state:committed] --- actionpack/lib/action_view/helpers/text_helper.rb | 4 ++-- actionpack/test/template/text_helper_test.rb | 4 ---- 2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb
index 9279a88..f2f1557 100644
--- a/actionpack/lib/action_view/helpers/text_helper.rb
+++ b/actionpack/lib/action_view/helpers/text_helper.rb
@@ -323,12 +323,12 @@ module ActionView
 # # => "

Look ma! A class!

" def simple_format(text, html_options={}) start_tag = tag('p', html_options, true) - text = h(text) + text = text.to_s.dup text.gsub!(/\r\n?/, "\n") # \r\n and \r -> \n text.gsub!(/\n\n+/, "

\n\n#{start_tag}") # 2+ newline -> paragraph
 text.gsub!(/([^\n]\n)(?=[^\n])/, '\1
') # 1 newline -> br
 text.insert 0, start_tag
- text.safe_concat "

" + text.html_safe.safe_concat("

") end # Turns all URLs and e-mail addresses into clickable links. The :link option diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb index d3c2726..6ee5ae1 100644 --- a/actionpack/test/template/text_helper_test.rb +++ b/actionpack/test/template/text_helper_test.rb @@ -44,10 +44,6 @@ class TextHelperTest < ActionView::TestCase assert simple_format(" test with html tags ").html_safe? end - def test_simple_format_should_escape_unsafe_input - assert_equal "

<b> test with unsafe string </b>

", simple_format(" test with unsafe string ") - end - def test_simple_format_should_not_escape_safe_input assert_equal "

test with safe string

", simple_format(" test with safe string ".html_safe) end -- 1.7.0