diff --git a/actionpack/lib/action_view/helpers.rb b/actionpack/lib/action_view/helpers.rb
index 41013c800c261783fbd30c2ed5d5a952c0692395..d338ce616a670929a90221fec4008418c91d997b 100644
--- a/actionpack/lib/action_view/helpers.rb
+++ b/actionpack/lib/action_view/helpers.rb
@@ -18,7 +18,7 @@ module Helpers #:nodoc:
 autoload :JavaScriptHelper, "action_view/helpers/javascript_helper"
 autoload :NumberHelper
 autoload :PrototypeHelper
- autoload :RawOutputHelper
+ autoload :OutputSafetyHelper
 autoload :RecordTagHelper
 autoload :SanitizeHelper
 autoload :ScriptaculousHelper
@@ -48,7 +48,7 @@ module Helpers #:nodoc:
 include JavaScriptHelper
 include NumberHelper
 include PrototypeHelper
- include RawOutputHelper
+ include OutputSafetyHelper
 include RecordTagHelper
 include SanitizeHelper
 include ScriptaculousHelper
diff --git a/actionpack/lib/action_view/helpers/output_safety_helper.rb b/actionpack/lib/action_view/helpers/output_safety_helper.rb
new file mode 100644
index 0000000000000000000000000000000000000000..a035dd70adc324e25a6933f8e8c1ab7d8c079bd0
--- /dev/null
+++ b/actionpack/lib/action_view/helpers/output_safety_helper.rb
@@ -0,0 +1,38 @@
+require 'active_support/core_ext/string/output_safety'
+
+module ActionView #:nodoc:
+ # = Action View Raw Output Helper
+ module Helpers #:nodoc:
+ module OutputSafetyHelper
+ # This method outputs without escaping a string. Since escaping tags is
+ # now default, this can be used when you don't want Rails to automatically
+ # escape tags. This is not recommended if the data is coming from the user's
+ # input.
+ #
+ # For example:
+ #
+ # <%=raw @user.name %>
+ def raw(stringish)
+ stringish.to_s.html_safe
+ end
+
+ # This method returns a html safe string similar to what Array#join
+ # would return. All items in the array, including the supplied separator, are
+ # html escaped unless they are html safe, and the returned string is marked
+ # as html safe.
+ #
+ # safe_join(["

foo

".html_safe, "

bar

"], "
") + # # => "

foo

<br /><p>bar</p>" + # + # safe_join(["

foo

".html_safe, "

bar

".html_safe], "
".html_safe) + # # => "

foo


bar

"
+ #
+ def safe_join(array, sep=$,)
+ sep ||= "".html_safe
+ sep = ERB::Util.html_escape(sep)
+
+ array.map { |i| ERB::Util.html_escape(i) }.join(sep).html_safe
+ end
+ end
+ end
+end
\ No newline at end of file
diff --git a/actionpack/lib/action_view/helpers/raw_output_helper.rb b/actionpack/lib/action_view/helpers/raw_output_helper.rb
deleted file mode 100644
index 216683a2e01a752ffc9a8bca6062a4a9e793c800..0000000000000000000000000000000000000000
--- a/actionpack/lib/action_view/helpers/raw_output_helper.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-module ActionView #:nodoc:
- # = Action View Raw Output Helper
- module Helpers #:nodoc:
- module RawOutputHelper
- # This method outputs without escaping a string. Since escaping tags is
- # now default, this can be used when you don't want Rails to automatically
- # escape tags. This is not recommended if the data is coming from the user's
- # input.
- #
- # For example:
- #
- # <%=raw @user.name %>
- def raw(stringish)
- stringish.to_s.html_safe
- end
- end
- end
-end
\ No newline at end of file
diff --git a/actionpack/test/template/output_safety_helper_test.rb b/actionpack/test/template/output_safety_helper_test.rb
new file mode 100644
index 0000000000000000000000000000000000000000..fc127c24e93063930860df9bba7d848f1722d21b
--- /dev/null
+++ b/actionpack/test/template/output_safety_helper_test.rb
@@ -0,0 +1,30 @@
+require 'abstract_unit'
+require 'testing_sandbox'
+
+class OutputSafetyHelperTest < ActionView::TestCase
+ tests ActionView::Helpers::OutputSafetyHelper
+ include TestingSandbox
+
+ def setup
+ @string = "hello"
+ end
+
+ test "raw returns the safe string" do
+ result = raw(@string)
+ assert_equal @string, result
+ assert result.html_safe?
+ end
+
+ test "raw handles nil values correctly" do
+ assert_equal "", raw(nil)
+ end
+
+ test "safe_join should html_escape any items, including the separator, if they are not html_safe" do
+ joined = safe_join(["
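Review bot: In output_safety_helper.rb the doc comment on `raw` warns against using it on user input, but its only example is `<%=raw @user.name %>`, a value that reads as user-supplied and would be emitted unescaped if copied into a template. An example whose value is clearly application-generated markup would match the warning, together with a line such as `# Never pass request-derived data to +raw+; rely on the default escaping instead.` The header comment also still reads `# = Action View Raw Output Helper` although the module is now `OutputSafetyHelper`. Separately, `safe_join` escapes each element with `ERB::Util.html_escape(i)` directly, so a nested array is presumably stringified as one item rather than joined recursively as `Array#join` would; `array.flatten.map { ... }` would keep the two aligned if nested input is expected.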

foo

".html_safe, "

bar

"], "
") + assert_equal "

foo

<br /><p>bar</p>", joined + + joined = safe_join(["

foo

".html_safe, "

bar

".html_safe], "
".html_safe) + assert_equal "

foo


bar

", joined
+ end
+
+end
\ No newline at end of file
diff --git a/actionpack/test/template/raw_output_helper_test.rb b/actionpack/test/template/raw_output_helper_test.rb
deleted file mode 100644
index 598aa5b1d882e3db1505875ba3f63ca6fae62315..0000000000000000000000000000000000000000
--- a/actionpack/test/template/raw_output_helper_test.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-require 'abstract_unit'
-require 'testing_sandbox'
-
-class RawOutputHelperTest < ActionView::TestCase
- tests ActionView::Helpers::RawOutputHelper
- include TestingSandbox
-
- def setup
- @string = "hello"
- end
-
- test "raw returns the safe string" do
- result = raw(@string)
- assert_equal @string, result
- assert result.html_safe?
- end
-
- test "raw handles nil values correctly" do
- assert_equal "", raw(nil)
- end
-end
\ No newline at end of file
diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb
index 0c8fc20ea5eaa314bf15f251a7bd96a5c99e5a11..c930abc0030d5fdc7d7b6867260f2073f9591322 100644
--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
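Review bot: The safe_join test in output_safety_helper_test.rb compares only string content, so it would still pass if `safe_join` returned a plain String that is not marked html safe; `assert joined.html_safe?` after each `assert_equal` would pin the other half of the contract. The default-separator path (`sep=$,` falling back to `"".html_safe`) is not exercised either, although the Array#safe_join tests removed from string_ext_test.rb covered the no-separator case. A case such as `assert_equal "&lt;b&gt;x", safe_join(["<b>", "x"])` would cover it.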
@@ -122,34 +122,3 @@ def html_safe
 ActiveSupport::SafeBuffer.new(self)
 end
 end
-
-class Array
- # If the separator and all the items in the array are html safe
- # then an html safe string is returned using Array#join,
- # otherwise the result of Array#join is returned without
- # marking it as html safe.
- #
- # ["Mr", "Bojangles"].join.html_safe?
- # # => false
- #
- # ["Mr".html_safe, "Bojangles".html_safe].join.html_safe?
- # # => true
- #
- def safe_join(sep=$,)
- sep ||= "".html_safe
- str = join(sep)
- (sep.html_safe? && html_safe?) ? str.html_safe : str
- end
-
- # Returns +true+ if all items in the array are html safe.
- #
- # [""].html_safe?
- # # => false
- #
- # ["".html_safe].html_safe?
- # # => true
- #
- def html_safe?
- detect { |e| !e.html_safe? }.nil?
- end
-end
diff --git a/activesupport/test/core_ext/string_ext_test.rb b/activesupport/test/core_ext/string_ext_test.rb
index 15e39a06c3a51583bac6793c0663511d9ef913e5..bb865cae9192a60ce14c5a9e0ceef54d810ee5aa 100644
--- a/activesupport/test/core_ext/string_ext_test.rb
+++ b/activesupport/test/core_ext/string_ext_test.rb
@@ -434,50 +434,6 @@ def to_s
 assert string.html_safe?
 end
 
- test "Joining safe elements without a separator is safe" do
- array = 5.times.collect { "some string".html_safe }
- assert array.safe_join.html_safe?
- end
-
- test "Joining safe elements with a safe separator is safe" do
- array = 5.times.collect { "some string".html_safe }
- assert array.safe_join("-".html_safe).html_safe?
- end
-
- test "Joining safe elements with an unsafe separator is unsafe" do
- array = 5.times.collect { "some string".html_safe }
- assert !array.safe_join("-").html_safe?
- end
-
- test "Joining is unsafe if any element is unsafe even with a safe separator" do
- array = 5.times.collect { "some string".html_safe }
- array << "some string"
- assert !array.safe_join("-".html_safe).html_safe?
- end
-
- test "Joining is unsafe if any element is unsafe and no separator is given" do
- array = 5.times.collect { "some string".html_safe }
- array << "some string"
- assert !array.safe_join.html_safe?
- end
-
- test "Joining is unsafe if any element is unsafe and the separator is unsafe" do
- array = 5.times.collect { "some string".html_safe }
- array << "some string"
- assert !array.safe_join("-").html_safe?
- end
-
- test "Array is safe if all elements are safe" do
- array = 5.times.collect { "some string".html_safe }
- assert array.html_safe?
- end
-
- test "Array is unsafe if any element is unsafe" do
- array = 5.times.collect { "some string".html_safe }
- array << "some string"
- assert !array.html_safe?
- end
-
 test 'emits normal string yaml' do
 assert_equal 'foo'.to_yaml, 'foo'.html_safe.to_yaml(:foo => 1)
 end