deac/middleman
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

tests for content_tag escaping

Browse source
This commit is contained in:
Thomas Reynolds 2013-06-18 11:06:43 -07:00
parent 298e842510
commit 0415b76d4f
3 changed files with 39 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
CHANGELOG.md
View file

@ -1,3 +1,9 @@
3.1.1
===
* Check if set is redefining a param at the class level. Fixes #939
* Correctly escape `content_tag` when using a block. Fixes #941
3.1.0 Highlights 3.1.0 Highlights
=== ===
@ -9,8 +15,6 @@
* Fully tested on JRuby 1.9 * Fully tested on JRuby 1.9
* Build defaults to --clean * Build defaults to --clean
3.1.0.rc.4 3.1.0.rc.4
=== ===

16
middleman-core/features/helpers_content_tag.feature Normal file
View file

@ -0,0 +1,16 @@
Feature: content_tag helper
Scenario: content_tag doesn't escape content from either block or string
Given a fixture app "empty-app"
And an empty file named "config.rb"
And a file named "source/index.html.erb" with:
"""
<%= content_tag :div, "<hello>world</hello>", :class => 'one' %>
<% content_tag :where, :class => 'the hell is' do %>
<my>damn croissant</my>
<% end %>
"""
And the Server is running
When I go to "index.html"
Then I should see '<div class="one"><hello>world</hello>'
And I should see '<where class="the hell is"><my>damn croissant</my>'

19
middleman-core/lib/middleman-more/core_extensions/default_helpers.rb
View file

@ -50,8 +50,23 @@ class Middleman::CoreExtensions::DefaultHelpers < ::Middleman::Extension
# Make all block content html_safe # Make all block content html_safe
def content_tag(name, content = nil, options = nil, &block) def content_tag(name, content = nil, options = nil, &block)
content = mark_safe(content) unless content.is_a?(Hash) if block_given?
mark_safe(super(name, content, options, &block)) options = content if content.is_a?(Hash)
content = capture_html(&block)
end
options = parse_data_options(name, options)
attributes = tag_attributes(options)
output = ActiveSupport::SafeBuffer.new
output.safe_concat "<#{name}#{attributes}>"
if content.respond_to?(:each) && !content.is_a?(String)
content.each { |c| output.safe_concat c; output.safe_concat NEWLINE }
else
output.safe_concat "#{content}"
end
output.safe_concat "</#{name}>"
block_is_template?(block) ? concat_content(output) : output
end end
def capture_html(*args, &block) def capture_html(*args, &block)