tests for content_tag escaping

2013-06-18 11:06:43 -07:00 · 2013-06-18 11:06:43 -07:00 · 0415b76d4f
parent 298e842510
commit 0415b76d4f
3 changed files with 39 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,9 @@
+3.1.1
+===
+
+* Check if set is redefining a param at the class level. Fixes #939
+* Correctly escape `content_tag` when using a block. Fixes #941
+
 3.1.0 Highlights
 ===

@ -9,8 +15,6 @@
 * Fully tested on JRuby 1.9
 * Build defaults to --clean

-
-
 3.1.0.rc.4
 ===

--- a/middleman-core/features/helpers_content_tag.feature
+++ b/middleman-core/features/helpers_content_tag.feature
@ -0,0 +1,16 @@
+Feature: content_tag helper
+
+  Scenario: content_tag doesn't escape content from either block or string
+    Given a fixture app "empty-app"
+    And an empty file named "config.rb"
+    And a file named "source/index.html.erb" with:
+    """
+    <%= content_tag :div, "<hello>world</hello>", :class => 'one' %>
+    <% content_tag :where, :class => 'the hell is' do %>
+    <my>damn croissant</my>
+    <% end %>
+    """
+    And the Server is running
+    When I go to "index.html"
+    Then I should see '<div class="one"><hello>world</hello>'
+    And I should see '<where class="the hell is"><my>damn croissant</my>'
--- a/middleman-core/lib/middleman-more/core_extensions/default_helpers.rb
+++ b/middleman-core/lib/middleman-more/core_extensions/default_helpers.rb
@ -50,8 +50,23 @@ class Middleman::CoreExtensions::DefaultHelpers < ::Middleman::Extension

    # Make all block content html_safe
    def content_tag(name, content = nil, options = nil, &block)
-      content = mark_safe(content) unless content.is_a?(Hash)
-      mark_safe(super(name, content, options, &block))
+      if block_given?
+        options = content if content.is_a?(Hash)
+        content = capture_html(&block)
+      end
+
+      options    = parse_data_options(name, options)
+      attributes = tag_attributes(options)
+      output = ActiveSupport::SafeBuffer.new
+      output.safe_concat "<#{name}#{attributes}>"
+      if content.respond_to?(:each) && !content.is_a?(String)
+        content.each { |c| output.safe_concat c; output.safe_concat NEWLINE }
+      else
+        output.safe_concat "#{content}"
+      end
+      output.safe_concat "</#{name}>"
+
+      block_is_template?(block) ? concat_content(output) : output
    end

    def capture_html(*args, &block)