diff options
Diffstat (limited to 'activesupport-safe-buffer-slice-fix.patch')
| -rw-r--r-- | activesupport-safe-buffer-slice-fix.patch | 194 |
1 files changed, 194 insertions, 0 deletions
diff --git a/activesupport-safe-buffer-slice-fix.patch b/activesupport-safe-buffer-slice-fix.patch new file mode 100644 index 0000000..133be11 --- /dev/null +++ b/activesupport-safe-buffer-slice-fix.patch @@ -0,0 +1,194 @@ +From 00e632de2bde61425142ef8edc408e8d21ff9134 Mon Sep 17 00:00:00 2001 +From: Aaron Patterson <aaron.patterson@gmail.com> +Date: Wed, 29 Feb 2012 16:37:30 -0800 +Subject: [PATCH] Squashed commit of the following: +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +commit 917fd1a03845f4eedaccbc338f9d7524e98d45ee +Author: José Valim <jose.valim@gmail.com> +Date: Wed Feb 29 22:30:51 2012 +0100 + + Ensure [] respects the status of the buffer. + +commit 6adc41789017682306181e3db5b30337fe450bcc +Author: Akira Matsuda <ronnie@dio.jp> +Date: Mon Feb 13 17:57:05 2012 +0900 + + use AS::SafeBuffer#clone_empty for flushing the output_buffer + +commit e50ee96a0b37e7c5adfc555edd402ad04cc159f1 +Author: Akira Matsuda <ronnie@dio.jp> +Date: Mon Feb 13 17:54:58 2012 +0900 + + add AS::SafeBuffer#clone_empty +--- + .../lib/action_view/helpers/capture_helper.rb | 2 +- + .../core_ext/string/output_safety.rb | 50 ++++++++++++------- + activesupport/test/safe_buffer_test.rb | 46 ++++++++++++++++-- + 3 files changed, 74 insertions(+), 24 deletions(-) + +diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb +index 266f028..c0efe37 100644 +--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb ++++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb +@@ -85,23 +85,41 @@ module ActiveSupport #:nodoc: + end + end + ++ def [](*args) ++ return super if args.size < 2 ++ ++ if html_safe? ++ new_safe_buffer = super ++ new_safe_buffer.instance_eval { @html_safe = true } ++ new_safe_buffer ++ else ++ to_str[*args] ++ end ++ end ++ + def safe_concat(value) +- raise SafeConcatError if dirty? ++ raise SafeConcatError unless html_safe? + original_concat(value) + end + + def initialize(*) +- @dirty = false ++ @html_safe = true + super + end + + def initialize_copy(other) + super +- @dirty = other.dirty? ++ @html_safe = other.html_safe? ++ end ++ ++ def clone_empty ++ new_safe_buffer = self[0, 0] ++ new_safe_buffer.instance_variable_set(:@dirty, @dirty) ++ new_safe_buffer + end + + def concat(value) +- if dirty? || value.html_safe? ++ if !html_safe? || value.html_safe? + super(value) + else + super(ERB::Util.h(value)) +@@ -114,7 +132,7 @@ module ActiveSupport #:nodoc: + end + + def html_safe? +- !dirty? ++ defined?(@html_safe) && @html_safe + end + + def to_s +@@ -132,23 +150,17 @@ module ActiveSupport #:nodoc: + for unsafe_method in UNSAFE_STRING_METHODS + if 'String'.respond_to?(unsafe_method) + class_eval <<-EOT, __FILE__, __LINE__ + 1 +- def #{unsafe_method}(*args) +- super.to_str +- end +- +- def #{unsafe_method}!(*args) +- @dirty = true +- super +- end ++ def #{unsafe_method}(*args, &block) # def capitalize(*args, &block) ++ to_str.#{unsafe_method}(*args, &block) # to_str.capitalize(*args, &block) ++ end # end ++ ++ def #{unsafe_method}!(*args) # def capitalize!(*args) ++ @html_safe = false # @html_safe = false ++ super # super ++ end # end + EOT + end + end +- +- protected +- +- def dirty? +- @dirty +- end + end + end + +diff --git a/activesupport/test/safe_buffer_test.rb b/activesupport/test/safe_buffer_test.rb +index 77ea273..894be1b 100644 +--- a/activesupport/test/safe_buffer_test.rb ++++ b/activesupport/test/safe_buffer_test.rb +@@ -65,22 +65,60 @@ class SafeBufferTest < ActiveSupport::TestCase + assert_equal "hello<>", clean + @buffer + end + +- test "Should concat as a normal string when dirty" do +- dirty = @buffer ++ test "Should concat as a normal string when safe" do + clean = "hello".html_safe + @buffer.gsub!('', '<>') + assert_equal "<>hello", @buffer + clean + end + +- test "Should preserve dirty? status on copy" do ++ test "Should preserve html_safe? status on copy" do + @buffer.gsub!('', '<>') + assert !@buffer.dup.html_safe? + end + +- test "Should raise an error when safe_concat is called on dirty buffers" do ++ test "Should return safe buffer when added with another safe buffer" do ++ clean = "<script>".html_safe ++ result_buffer = @buffer + clean ++ assert result_buffer.html_safe? ++ assert_equal "<script>", result_buffer ++ end ++ ++ test "Should raise an error when safe_concat is called on unsafe buffers" do + @buffer.gsub!('', '<>') + assert_raise ActiveSupport::SafeBuffer::SafeConcatError do + @buffer.safe_concat "BUSTED" + end + end ++ ++ test "Should not fail if the returned object is not a string" do ++ assert_kind_of NilClass, @buffer.slice("chipchop") ++ end ++ ++ test "clone_empty returns an empty buffer" do ++ assert_equal '', ActiveSupport::SafeBuffer.new('foo').clone_empty ++ end ++ ++ test "clone_empty keeps the original dirtyness" do ++ assert @buffer.clone_empty.html_safe? ++ assert !@buffer.gsub!('', '').clone_empty.html_safe? ++ end ++ ++ test "Should be safe when sliced if original value was safe" do ++ new_buffer = @buffer[0,0] ++ assert_not_nil new_buffer ++ assert new_buffer.html_safe?, "should be safe" ++ end ++ ++ test "Should continue unsafe on slice" do ++ x = 'foo'.html_safe.gsub!('f', '<script>alert("lolpwnd");</script>') ++ ++ # calling gsub! makes the dirty flag true ++ assert !x.html_safe?, "should not be safe" ++ ++ # getting a slice of it ++ y = x[0..-1] ++ ++ # should still be unsafe ++ assert !y.html_safe?, "should not be safe" ++ end + end +-- +1.7.6 + |