end
end
+# Do not HTML escape text templates
+module ActionView
+ class Template
+ module Handlers
+ class ERB
+ def call(template)
+ if template.source.encoding_aware?
+ # First, convert to BINARY, so in case the encoding is
+ # wrong, we can still find an encoding tag
+ # (<%# encoding %>) inside the String using a regular
+ # expression
+ template_source = template.source.dup.force_encoding("BINARY")
+
+ erb = template_source.gsub(ENCODING_TAG, '')
+ encoding = $2
+
+ erb.force_encoding valid_encoding(template.source.dup, encoding)
+
+ # Always make sure we return a String in the default_internal
+ erb.encode!
+ else
+ erb = template.source.dup
+ end
+
+ self.class.erb_implementation.new(
+ erb,
+ :trim => (self.class.erb_trim_mode == "-"),
+ :escape => template.identifier =~ /\.text/ # only escape HTML templates
+ ).src
+ end
+ end
+ end
+ end
+end
+
ActionView::Base.field_error_proc = Proc.new{ |html_tag, instance| html_tag || ''.html_safe }
require 'mail'
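Review bot: The `:escape` argument in the `self.class.erb_implementation.new(...)` call tests `/\.text/` anywhere in `template.identifier`, so an HTML template whose path merely contains `.text` somewhere (a directory name, a partial name) would be compiled with the text-template setting and its `<%= %>` output left unescaped. Anchoring on the template's own extension avoids that, e.g. `:escape => (template.identifier =~ /\.text\.erb\z/)` (widened if other text handlers are in use), or checking the template's format list if this Rails version exposes it. The option is also easy to misread: Erubis's `:escape` routes `<%= %>` onto the handler's `add_expr_escaped` path, which in Rails' Erubis subclass is apparently the raw output path, so a truthy value here is what makes text templates skip escaping, and a comment saying so, such as `# Erubis :escape => true routes <%= %> to add_expr_escaped, which Rails emits unescaped; truthy only for text templates`, would spare the next reader a trip into the gem. Since the whole `call` body is copied from Rails rather than wrapped, noting which Rails version it was copied from would also help the next upgrade.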
end
end
-private
+ def test_should_escape_html_templates_only
+ Issue.generate!(:project_id => 1, :tracker_id => 1, :subject => 'Subject with a <tag>')
+ mail = last_email
+ assert_equal 2, mail.parts.size
+ assert_include '<tag>', text_part.body.encoded
+ assert_include '<tag>', html_part.body.encoded
+ end
+
+ private
+
def last_email
mail = ActionMailer::Base.deliveries.last
assert_not_nil mail
mail
end
+
+ def text_part
+ last_email.parts.detect {|part| part.content_type.include?('text/plain')}
+ end
+
+ def html_part
+ last_email.parts.detect {|part| part.content_type.include?('text/html')}
+ end
end
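Review bot: `test_should_escape_html_templates_only` asserts the same literal `'<tag>'` for both parts, so as shown the assertion on `html_part.body.encoded` does not verify that escaping happened (unless the page rendering has unescaped an entity in the source). The HTML check should be `assert_include '&lt;tag&gt;', html_part.body.encoded` paired with `assert !html_part.body.encoded.include?('<tag>')`, so a regression to raw output fails the test rather than passing. `text_part` and `html_part` return nil when no matching part exists, and the following `.body` call then raises NoMethodError instead of a readable assertion failure; an `assert_not_nil` on the detected part, mirroring what `last_email` already does, would make that case clear.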