
Rafael Mendonça França  committed 4ce3b5d

Test that the block used in truncate is escaped if it is not HTML safe

Refactoring the truncate method to not do a short-circuit return

  • Parent commits 9c8132c


Files changed (2)

File actionpack/lib/action_view/helpers/text_helper.rb

       #   truncate("Once upon a time in a world far far away") { link_to "Continue", "#" }
       #   # => "Once upon a time in a wo...<a href="#">Continue</a>"
       def truncate(text, options = {}, &block)
-        return unless text
+        if text
+          length  = options.fetch(:length, 30)
 
-        options = { :length => 30 }.merge!(options)
-        length  = options.delete(:length)
-
-        content = ERB::Util.html_escape(text.truncate(length, options))
-        content << capture(&block) if block_given? && text.length > length
-        content
+          content = ERB::Util.html_escape(text.truncate(length, options))
+          content << capture(&block) if block_given? && text.length > length
+          content
+        end
       end
 
       # Highlights one or more +phrases+ everywhere in +text+ by inserting it into
       #   # => You searched for: <a href="search?q=rails">rails</a>
       def highlight(text, phrases, options = {})
         highlighter = options.fetch(:highlighter, '<mark>\1</mark>')
-        
+
         text = sanitize(text) if options.fetch(:sanitize, true)
         if text.blank? || phrases.blank?
           text
       #   pluralize(0, 'person')
       #   # => 0 people
       def pluralize(count, singular, plural = nil)
-        word = if (count == 1 || count =~ /^1(\.0+)?$/) 
-          singular 
+        word = if (count == 1 || count =~ /^1(\.0+)?$/)
+          singular
         else
           plural || singular.pluralize
         end
-        
+
         "#{count || 0} #{word}"
       end
 
       #
       #   simple_format(my_text)
       #   # => "<p>Here is some basic text...\n<br />...with a line break.</p>"
-      # 
+      #
       #   simple_format(my_text, {}, :wrapper_tag => "div")
       #   # => "<div>Here is some basic text...\n<br />...with a line break.</div>"
       #
       #   # => "<p><span>I'm allowed!</span> It's true.</p>"
       def simple_format(text, html_options = {}, options = {})
         wrapper_tag = options.fetch(:wrapper_tag, :p)
-        
+
         text = sanitize(text) if options.fetch(:sanitize, true)
         paragraphs = split_paragraphs(text)
 

File actionpack/test/template/text_helper_test.rb

     simple_format(text)
     assert_equal text_clone, text
   end
-  
+
   def test_simple_format_does_not_modify_the_html_options_hash
     options = { :class => "foobar"}
     passed_options = options.dup
     simple_format("some text", passed_options)
     assert_equal options, passed_options
   end
-  
+
   def test_simple_format_does_not_modify_the_options_hash
     options = { :wrapper_tag => :div, :sanitize => false }
     passed_options = options.dup
     assert_equal "\354\225\204\353\246\254\353\236\221 \354\225\204\353\246\254 ...".force_encoding('UTF-8'),
       truncate("\354\225\204\353\246\254\353\236\221 \354\225\204\353\246\254 \354\225\204\353\235\274\353\246\254\354\230\244".force_encoding('UTF-8'), :length => 10)
   end
-  
+
   def test_truncate_does_not_modify_the_options_hash
     options = { :length => 10 }
     passed_options = options.dup
     truncate("Here's a long test and I need a continue to read link", :length => 27) { link_to 'Continue', '#' }
   end
 
-  def test_truncate_should_not_mutate_the_options_hash
-    options = { :length => 27 }
-    truncate("Here's a long test and I need a continue to read link", options) { link_to 'Continue', '#' }
-    assert_equal({ :length => 27 }, options)
-  end
-
   def test_truncate_should_be_html_safe
     assert truncate("Hello World!", :length => 12).html_safe?
   end
       truncate("<script>code!</script>Here's a long test and I need a continue to read link", :length => 27) { link_to 'Continue', '#' }
   end
 
+  def test_truncate_with_block_should_escape_the_block
+    assert_equal "Here's a long test and I...&lt;script&gt;alert('foo');&lt;/script&gt;",
+      truncate("Here's a long test and I need a continue to read link", :length => 27) { "<script>alert('foo');</script>" }
+  end
+
   def test_highlight_should_be_html_safe
     assert highlight("This is a beautiful morning", "beautiful").html_safe?
   end
       highlight("<div>abc div</div>", "div", :highlighter => '<b>\1</b>')
     )
   end
-  
+
   def test_highlight_does_not_modify_the_options_hash
     options = { :highlighter => '<b>\1</b>', :sanitize => false }
     passed_options = options.dup
   def test_excerpt_with_utf8
     assert_equal("...\357\254\203ciency could not be...".force_encoding('UTF-8'), excerpt("That's why e\357\254\203ciency could not be helped".force_encoding('UTF-8'), 'could', :radius => 8))
   end
-  
+
   def test_excerpt_does_not_modify_the_options_hash
     options = { :omission => "[...]",:radius => 5 }
     passed_options = options.dup
   def test_word_wrap_with_extra_newlines
     assert_equal("my very very\nvery long\nstring\n\nwith another\nline", word_wrap("my very very very long string\n\nwith another line", :line_width => 15))
   end
-  
+
   def test_word_wrap_does_not_modify_the_options_hash
     options = { :line_width => 15 }
     passed_options = options.dup