Do not mark strip_tags result as html_safe

Thanks to Marek Labos & Nethemba

Do not mark strip_tags result as html_safe
Thanks to Marek Labos & Nethemba
cf48c9c7 · Santiago Pastorino · Aaron Patterson · 3dc0cd37 · cf48c9c7 · cf48c9c7
Showing with 3 addition and 3 deletion

actionpack/lib/action_view/helpers/sanitize_helper.rb actionpack/lib/action_view/helpers/sanitize_helper.rb +1 -1

actionpack/test/template/sanitize_helper_test.rb actionpack/test/template/sanitize_helper_test.rb +2 -2

未找到文件。
--- a/actionpack/lib/action_view/helpers/sanitize_helper.rb
+++ b/actionpack/lib/action_view/helpers/sanitize_helper.rb
@@ -72,7 +72,7 @@ def sanitize_css(style)
      #   strip_tags("<div id='top-bar'>Welcome to my website!</div>")
      #   # => Welcome to my website!
      def strip_tags(html)
-        self.class.full_sanitizer.sanitize(html).try(:html_safe)
+        self.class.full_sanitizer.sanitize(html)
      end

      # Strips all link tags from +text+ leaving just the link text.

--- a/actionpack/test/template/sanitize_helper_test.rb
+++ b/actionpack/test/template/sanitize_helper_test.rb
@@ -42,9 +42,9 @@ def test_strip_tags
    [nil, '', '   '].each do |blank|
      stripped = strip_tags(blank)
      assert_equal blank, stripped
-      assert stripped.html_safe? unless blank.nil?
    end
-    assert strip_tags("<script>").html_safe?
+    assert_equal "", strip_tags("<script>")
+    assert_equal "something &lt;img onerror=alert(1337)", ERB::Util.html_escape(strip_tags("something <img onerror=alert(1337)"))
  end

  def test_sanitize_is_marked_safe