simple_format returns a safe buffer escaping unsafe input [Santiago Pastorino]
This commit is contained in:
parent
325fa58ef5
commit
d68f8ba5c3
@ -327,7 +327,7 @@ def markdown(text)
|
||||
# # => "<p class='description'>Look ma! A class!</p>"
|
||||
def simple_format(text, html_options={})
|
||||
start_tag = tag('p', html_options, true)
|
||||
text = text.to_s.dup
|
||||
text = h(text)
|
||||
text.gsub!(/\r\n?/, "\n") # \r\n and \r -> \n
|
||||
text.gsub!(/\n\n+/, "</p>\n\n#{start_tag}") # 2+ newline -> paragraph
|
||||
text.gsub!(/([^\n]\n)(?=[^\n])/, '\1<br />') # 1 newline -> br
|
||||
|
@ -40,6 +40,18 @@ def test_simple_format
|
||||
assert_equal %Q(<p class="test">para 1</p>\n\n<p class="test">para 2</p>), simple_format("para 1\n\npara 2", :class => 'test')
|
||||
end
|
||||
|
||||
def test_simple_format_should_be_html_safe
|
||||
assert simple_format("<b> test with html tags </b>").html_safe?
|
||||
end
|
||||
|
||||
def test_simple_format_should_escape_unsafe_input
|
||||
assert_equal "<p><b> test with unsafe string </b></p>", simple_format("<b> test with unsafe string </b>")
|
||||
end
|
||||
|
||||
def test_simple_format_should_not_escape_safe_input
|
||||
assert_equal "<p><b> test with safe string </b></p>", simple_format("<b> test with safe string </b>".html_safe)
|
||||
end
|
||||
|
||||
def test_truncate
|
||||
assert_equal "Hello World!", truncate("Hello World!", :length => 12)
|
||||
assert_equal "Hello Wor...", truncate("Hello World!!", :length => 12)
|
||||
|
Loading…
Reference in New Issue
Block a user