ensuring that json_escape returns html safe strings when passed an html safe string

0b022845 · Aaron Patterson · 84f71e42 · 0b022845 · 0b022845
2 changed file
--- a/actionpack/test/template/erb_util_test.rb
+++ b/actionpack/test/template/erb_util_test.rb
@@ -16,6 +16,16 @@ class ErbUtilTest < Test::Unit::TestCase
    end
  end

+  def test_json_escape_returns_unsafe_strings_when_passed_unsafe_strings
+    value = json_escape("asdf")
+    assert !value.html_safe?
+  end
+
+  def test_json_escape_returns_safe_strings_when_passed_safe_strings
+    value = json_escape("asdf".html_safe)
+    assert value.html_safe?
+  end
+
  def test_html_escape_is_html_safe
    escaped = h("<p>")
    assert_equal "&lt;p&gt;", escaped

--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -51,7 +51,8 @@ def html_escape(s)
    #   <%=j @person.to_json %>
    #
    def json_escape(s)
-      s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
+      result = s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
+      s.html_safe? ? result.html_safe : result
    end

    alias j json_escape