rails_xss handles deprecated String html safety, when installed

3ff921a6 · Jeremy Kemper · b10bf834 · 3ff921a6
显示空白变更内容
内联并排

Showing with 1 addition and 29 deletion

activesupport/lib/active_support/core_ext/string/output_safety.rb ...pport/lib/active_support/core_ext/string/output_safety.rb +1 -29

未找到文件。
--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -97,7 +97,6 @@ def to_yaml(*args)

 class String
  alias safe_concat concat
-  alias_method :add_without_safety, :+

  def as_str
    self
@@ -108,38 +107,11 @@ def html_safe
  end

  def html_safe?
-    defined?(@_rails_html_safe)
+    false
  end

  def html_safe!
    ActiveSupport::Deprecation.warn("Use html_safe with your strings instead of html_safe! See http://yehudakatz.com/2010/02/01/safebuffers-and-rails-3-0/ for the full story.", caller)
-    @_rails_html_safe = true
    self
  end
-
-  def add_with_safety(other)
-    result = add_without_safety(other)
-    if html_safe? && also_html_safe?(other)
-      result.html_safe!
-    else
-      result
-    end
-  end
-  alias_method :+, :add_with_safety
-
-  def concat_with_safety(other_or_fixnum)
-    result = concat_without_safety(other_or_fixnum)
-    unless html_safe? && also_html_safe?(other_or_fixnum)
-      remove_instance_variable(:@_rails_html_safe) if defined?(@_rails_html_safe)
-    end
-    result
-  end
-  alias_method_chain :concat, :safety
-  undef_method :<<
-  alias_method :<<, :concat_with_safety
-
-  private
-   def also_html_safe?(other)
-     other.respond_to?(:html_safe?) && other.html_safe?
-   end
 end