@@ -50,6 +50,41 module ActionView | |||
|
50 | 50 | end |
|
51 | 51 | end |
|
52 | 52 | |
|
53 | # Do not HTML escape text templates | |
|
54 | module ActionView | |
|
55 | class Template | |
|
56 | module Handlers | |
|
57 | class ERB | |
|
58 | def call(template) | |
|
59 | if template.source.encoding_aware? | |
|
60 | # First, convert to BINARY, so in case the encoding is | |
|
61 | # wrong, we can still find an encoding tag | |
|
62 | # (<%# encoding %>) inside the String using a regular | |
|
63 | # expression | |
|
64 | template_source = template.source.dup.force_encoding("BINARY") | |
|
65 | ||
|
66 | erb = template_source.gsub(ENCODING_TAG, '') | |
|
67 | encoding = $2 | |
|
68 | ||
|
69 | erb.force_encoding valid_encoding(template.source.dup, encoding) | |
|
70 | ||
|
71 | # Always make sure we return a String in the default_internal | |
|
72 | erb.encode! | |
|
73 | else | |
|
74 | erb = template.source.dup | |
|
75 | end | |
|
76 | ||
|
77 | self.class.erb_implementation.new( | |
|
78 | erb, | |
|
79 | :trim => (self.class.erb_trim_mode == "-"), | |
|
80 | :escape => template.identifier =~ /\.text/ # only escape HTML templates | |
|
81 | ).src | |
|
82 | end | |
|
83 | end | |
|
84 | end | |
|
85 | end | |
|
86 | end | |
|
87 | ||
|
53 | 88 | ActionView::Base.field_error_proc = Proc.new{ |html_tag, instance| html_tag || ''.html_safe } |
|
54 | 89 | |
|
55 | 90 | require 'mail' |
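Review bot: The `:escape` condition on new line 80 matches `/\.text/` anywhere in `template.identifier`, which appears to be the whole template path rather than just its format suffix. If so, an HTML template whose path merely contains `.text` (a directory name, or a longer extension beginning with `.text`) would also be rendered with escaping switched off. Anchor the pattern to the filename suffix, for example `:escape => template.identifier =~ /\.text\.erb\z/`, assuming text templates are named `*.text.erb`, which this page does not show. The trailing comment `# only escape HTML templates` also reads as the opposite of the condition, since the option is truthy for text templates; something like `# truthy for text templates: disables automatic HTML escaping of <%= %>` would be clearer, once that is confirmed against the ERB implementation in use.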
@@ -542,10 +542,27 class MailerTest < ActiveSupport::TestCase | |||
|
542 | 542 | end |
|
543 | 543 | end |
|
544 | 544 | |
|
545 | def test_should_escape_html_templates_only | |
|
546 | Issue.generate!(:project_id => 1, :tracker_id => 1, :subject => 'Subject with a <tag>') | |
|
547 | mail = last_email | |
|
548 | assert_equal 2, mail.parts.size | |
|
549 | assert_include '<tag>', text_part.body.encoded | |
|
550 | assert_include '<tag>', html_part.body.encoded | |
|
551 | end | |
|
552 | ||
|
545 | 553 | private |
|
554 | ||
|
546 | 555 | def last_email |
|
547 | 556 | mail = ActionMailer::Base.deliveries.last |
|
548 | 557 | assert_not_nil mail |
|
549 | 558 | |
|
550 | 559 | end |
|
560 | ||
|
561 | def text_part | |
|
562 | last_email.parts.detect {|part| part.content_type.include?('text/plain')} | |
|
563 | end | |
|
564 | ||
|
565 | def html_part | |
|
566 | last_email.parts.detect {|part| part.content_type.include?('text/html')} | |
|
567 | end | |
|
551 | 568 | end |
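Review bot: As rendered here, new lines 549 and 550 both assert the literal `'<tag>'`, so the test would pass even if the HTML part were sent unescaped. This may be the page decoding entities, so check the file; the HTML assertion should expect the escaped form, `assert_include '&lt;tag&gt;', html_part.body.encoded`. The test also pins only the positive case, so add `assert !html_part.body.encoded.include?('<tag>')` to make a regression that leaves raw markup in the HTML part fail. Separately, `text_part` and `html_part` return nil when no part matches, which surfaces as a NoMethodError on `.body`; an `assert_not_nil` on each part before reading it would give a clearer failure.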