button_tag should escape it content
This commit is contained in:
parent
20897a6c2c
commit
1de47a0d56
@ -457,7 +457,7 @@ def button_tag(label = "Button", options = {})
|
||||
options[option] = "button" unless options[option]
|
||||
end
|
||||
|
||||
content_tag :button, label.to_s.html_safe, { "type" => options.delete("type") }.update(options)
|
||||
content_tag :button, label, { "type" => options.delete("type") }.update(options)
|
||||
end
|
||||
|
||||
# Displays an image which when clicked will submit the form.
|
||||
|
@ -413,6 +413,13 @@ def test_button_tag_with_disabled_option
|
||||
)
|
||||
end
|
||||
|
||||
def test_button_tag_escape_content
|
||||
assert_dom_equal(
|
||||
%(<button name="button" type="reset" disabled="disabled"><b>Reset</b></button>),
|
||||
button_tag("<b>Reset</b>", :type => "reset", :disabled => true)
|
||||
)
|
||||
end
|
||||
|
||||
def test_image_submit_tag_with_confirmation
|
||||
assert_dom_equal(
|
||||
%(<input type="image" src="/images/save.gif" data-confirm="Are you sure?" />),
|
||||
|
Loading…
Reference in New Issue
Block a user