From 0b02284545dcbed7da40489e0db9bd49eca924b1 Mon Sep 17 00:00:00 2001
From: Aaron Patterson
Date: Thu, 9 Jun 2011 15:29:17 -0700
Subject: [PATCH] ensuring that json_escape returns html safe strings when passed an html safe string
---
 actionpack/test/template/erb_util_test.rb | 10 ++++++++++
 .../active_support/core_ext/string/output_safety.rb | 3 ++-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/actionpack/test/template/erb_util_test.rb b/actionpack/test/template/erb_util_test.rb
index 30f6d1a213..790ab1c74c 100644
--- a/actionpack/test/template/erb_util_test.rb
+++ b/actionpack/test/template/erb_util_test.rb
@@ -16,6 +16,16 @@ class ErbUtilTest < Test::Unit::TestCase
 end
 end
+ def test_json_escape_returns_unsafe_strings_when_passed_unsafe_strings
+ value = json_escape("asdf")
+ assert !value.html_safe?
+ end
+
+ def test_json_escape_returns_safe_strings_when_passed_safe_strings
+ value = json_escape("asdf".html_safe)
+ assert value.html_safe?
+ end
+
+ def test_html_escape_is_html_safe
 escaped = h("

")
 assert_equal "<p>", escaped
diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb
index aeb21ed8df..20e40fe40f 100644
--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -51,7 +51,8 @@ def html_escape(s)
 # <%=j @person.to_json %>
 #
 def json_escape(s)
- s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
+ result = s.to_s.gsub(/[&"><]/) { |special| JSON_ESCAPE[special] }
+ s.html_safe? ? result.html_safe : result
 end
 alias j json_escape
--
GitLab
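Review bot: Both new tests pass the literal `"asdf"`, which contains none of the characters in json_escape's substitution set, so the safety flag is never checked on a string where a replacement actually happens. A further case such as `value = json_escape("<&>".html_safe)` followed by `assert value.html_safe?` and `assert_no_match(/[&"><]/, value)`, plus the unsafe counterpart, would pin the flag on the path that matters for output encoding. The test class starts and continues outside the hunk.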
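Review bot: The doc comment above `json_escape` does not state the new return contract, although the safety flag of the result now depends on the argument. A line such as `# The result is html_safe only when +s+ is already html_safe; escaping alone never marks untrusted input as safe.` would make that explicit for callers. The check is made on `s` rather than on `s.to_s`, so it relies on every possible argument (nil, numbers, arbitrary objects) responding to `html_safe?`, presumably through the core extensions in this file; that is worth confirming with a test that passes a non-String. The comment block begins above the hunk.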