| @@ -50,6 +50,41 module ActionView | |||||
| 50 | end |
|
50 | end | |
| 51 | end |
|
51 | end | |
| 52 |
|
52 | |||
|
|
53 | # Do not HTML escape text templates | |||
|
|
54 | module ActionView | |||
|
|
55 | class Template | |||
|
|
56 | module Handlers | |||
|
|
57 | class ERB | |||
|
|
58 | def call(template) | |||
|
|
59 | if template.source.encoding_aware? | |||
|
|
60 | # First, convert to BINARY, so in case the encoding is | |||
|
|
61 | # wrong, we can still find an encoding tag | |||
|
|
62 | # (<%# encoding %>) inside the String using a regular | |||
|
|
63 | # expression | |||
|
|
64 | template_source = template.source.dup.force_encoding("BINARY") | |||
|
|
65 | ||||
|
|
66 | erb = template_source.gsub(ENCODING_TAG, '') | |||
|
|
67 | encoding = $2 | |||
|
|
68 | ||||
|
|
69 | erb.force_encoding valid_encoding(template.source.dup, encoding) | |||
|
|
70 | ||||
|
|
71 | # Always make sure we return a String in the default_internal | |||
|
|
72 | erb.encode! | |||
|
|
73 | else | |||
|
|
74 | erb = template.source.dup | |||
|
|
75 | end | |||
|
|
76 | ||||
|
|
77 | self.class.erb_implementation.new( | |||
|
|
78 | erb, | |||
|
|
79 | :trim => (self.class.erb_trim_mode == "-"), | |||
|
|
80 | :escape => template.identifier =~ /\.text/ # only escape HTML templates | |||
|
|
81 | ).src | |||
|
|
82 | end | |||
|
|
83 | end | |||
|
|
84 | end | |||
|
|
85 | end | |||
|
|
86 | end | |||
|
|
87 | ||||
| 53 | ActionView::Base.field_error_proc = Proc.new{ |html_tag, instance| html_tag || ''.html_safe } |
|
88 | ActionView::Base.field_error_proc = Proc.new{ |html_tag, instance| html_tag || ''.html_safe } | |
| 54 |
|
89 | |||
| 55 | require 'mail' |
|
90 | require 'mail' | |
| @@ -542,10 +542,27 class MailerTest < ActiveSupport::TestCase | |||||
| 542 | end |
|
542 | end | |
| 543 | end |
|
543 | end | |
| 544 |
|
544 | |||
|
|
545 | def test_should_escape_html_templates_only | |||
|
|
546 | Issue.generate!(:project_id => 1, :tracker_id => 1, :subject => 'Subject with a <tag>') | |||
|
|
547 | mail = last_email | |||
|
|
548 | assert_equal 2, mail.parts.size | |||
|
|
549 | assert_include '<tag>', text_part.body.encoded | |||
|
|
550 | assert_include '<tag>', html_part.body.encoded | |||
|
|
551 | end | |||
|
|
552 | ||||
| 545 | private |
|
553 | private | |
|
|
554 | ||||
| 546 | def last_email |
|
555 | def last_email | |
| 547 | mail = ActionMailer::Base.deliveries.last |
|
556 | mail = ActionMailer::Base.deliveries.last | |
| 548 | assert_not_nil mail |
|
557 | assert_not_nil mail | |
| 549 |
|
558 | |||
| 550 | end |
|
559 | end | |
|
|
560 | ||||
|
|
561 | def text_part | |||
|
|
562 | last_email.parts.detect {|part| part.content_type.include?('text/plain')} | |||
|
|
563 | end | |||
|
|
564 | ||||
|
|
565 | def html_part | |||
|
|
566 | last_email.parts.detect {|part| part.content_type.include?('text/html')} | |||
|
|
567 | end | |||
| 551 | end |
|
568 | end | |
General Comments 0
You need to be logged in to leave comments.
Login now