From eb85169b9a9e4bff8cdf8dd0d0d8e3d9e156e747 Mon Sep 17 00:00:00 2001
From: Christopher Meiklejohn
Date: Tue, 7 Jun 2011 22:36:51 -0400
Subject: [PATCH 1/4] Fragment caching needs to operate on the pure output, not the safebuffer.
---
 actionpack/lib/action_view/helpers/cache_helper.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/actionpack/lib/action_view/helpers/cache_helper.rb b/actionpack/lib/action_view/helpers/cache_helper.rb
index e81d03b537..d070f14af1 100644
--- a/actionpack/lib/action_view/helpers/cache_helper.rb
+++ b/actionpack/lib/action_view/helpers/cache_helper.rb
@@ -51,7 +51,9 @@ module ActionView
 # This dance is needed because Builder can't use capture
 pos = output_buffer.length
 yield
- fragment = output_buffer.slice!(pos..-1)
+ safe_output_buffer = output_buffer.to_str
+ fragment = safe_output_buffer.slice!(pos..-1)
+ self.output_buffer = ActionView::OutputBuffer.new(safe_output_buffer)
 controller.write_fragment(name, fragment, options)
 end
 end
From 509aa663601defc7c821c253d010605951e9d986 Mon Sep 17 00:00:00 2001
From: Prem Sichanugrist
Date: Wed, 8 Jun 2011 00:25:56 -0400
Subject: [PATCH 2/4] Fix `simple_format` helper to work correctly with the new SafeBuffer rule. This has been ported from `3-0-stable` [ed3796434af6069ced6a641293cf88eef3b284da]
---
 actionpack/lib/action_view/helpers/text_helper.rb | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb
index ca09c77b5c..4f63405c7c 100644
--- a/actionpack/lib/action_view/helpers/text_helper.rb
+++ b/actionpack/lib/action_view/helpers/text_helper.rb
@@ -255,14 +255,16 @@ module ActionView
 # simple_format("I'm allowed! It's true.", {}, :sanitize => false)
 # # => "
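Review bot: In the cache_helper.rb hunk of PATCH 1/4, `safe_output_buffer` names the opposite of what it holds: `output_buffer.to_str` is the plain-String form of the buffer, taken so that `slice!` does not run on the html_safe object. A name such as `raw_output`, with one line above it like `# slice! must run on a plain String; the buffer is rebuilt from what is left`, would explain why the existing "dance" comment now covers three statements. The same name is carried into the `if` branch that PATCH 3/4 adds to this file. The enclosing method starts outside the hunk.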

I'm allowed! It's true.

"
 def simple_format(text, html_options={}, options={})
- text = ''.html_safe if text.nil?
+ text = text ? text.to_str : ''
+ text = text.dup if text.frozen?
 start_tag = tag('p', html_options, true)
- text = sanitize(text) unless options[:sanitize] == false
 text.gsub!(/\r\n?/, "\n") # \r\n and \r -> \n
 text.gsub!(/\n\n+/, "

\n\n#{start_tag}") # 2+ newline -> paragraph
 text.gsub!(/([^\n]\n)(?=[^\n])/, '\1
') # 1 newline -> br
 text.insert 0, start_tag
- text.html_safe.safe_concat("

")
+ text.concat("

")
+ text = sanitize(text) unless options[:sanitize] == false
+ text
 end
 # Creates a Cycle object whose _to_s_ method cycles through elements of an
From d1a74755b3e4f379b1427d9a858c174177678d03 Mon Sep 17 00:00:00 2001
From: Prem Sichanugrist
Date: Wed, 8 Jun 2011 01:07:39 -0400
Subject: [PATCH 3/4] Adapt [823aa223efbac6ad4d31ea33402892267bb77cb4] to make sure we perform cloning before manipulation only on `OutputBuffer`. After the fragment rendering, `Builder` returns the `String` object instead of `ActionView::OutputBuffer`. Somehow the same procedure which was in [823aa223efbac6ad4d31ea33402892267bb77cb4] does not play nice with the String, and result in the fragment got lost.
---
 actionpack/lib/action_view/helpers/cache_helper.rb | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/actionpack/lib/action_view/helpers/cache_helper.rb b/actionpack/lib/action_view/helpers/cache_helper.rb
index d070f14af1..b57617b3d1 100644
--- a/actionpack/lib/action_view/helpers/cache_helper.rb
+++ b/actionpack/lib/action_view/helpers/cache_helper.rb
@@ -51,9 +51,13 @@ module ActionView
 # This dance is needed because Builder can't use capture
 pos = output_buffer.length
 yield
- safe_output_buffer = output_buffer.to_str
- fragment = safe_output_buffer.slice!(pos..-1)
- self.output_buffer = ActionView::OutputBuffer.new(safe_output_buffer)
+ if output_buffer.is_a?(ActionView::OutputBuffer)
+ safe_output_buffer = output_buffer.to_str
+ fragment = safe_output_buffer.slice!(pos..-1)
+ self.output_buffer = ActionView::OutputBuffer.new(safe_output_buffer)
+ else
+ fragment = output_buffer.slice!(pos..-1)
+ end
 controller.write_fragment(name, fragment, options)
 end
 end
From 719e05da06d68cb8c767f6f27cec3d069d10ab7a Mon Sep 17 00:00:00 2001
From: Prem Sichanugrist
Date: Wed, 8 Jun 2011 01:51:48 -0400
Subject: [PATCH 4/4] Add proper fix to `mail_to` helper. * Fix the problem on manipulating on the `ActiveSupport::SafeBuffer` * Make sure that we run `escape_javascript` on the `String`, to avoid unexpected behavior.
---
 actionpack/lib/action_view/helpers/url_helper.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
index 5488c752cc..9edc9b8706 100644
--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -497,14 +497,14 @@ module ActionView
 }.compact
 extras = extras.empty? ? '' : '?' + ERB::Util.html_escape(extras.join('&'))
- email_address_obfuscated = email_address.dup
+ email_address_obfuscated = email_address.to_str
 email_address_obfuscated.gsub!(/@/, html_options.delete("replace_at")) if html_options.key?("replace_at")
 email_address_obfuscated.gsub!(/\./, html_options.delete("replace_dot")) if html_options.key?("replace_dot")
 case encode
 when "javascript"
 string = ''
 html = content_tag("a", name || email_address_obfuscated.html_safe, html_options.merge("href" => "mailto:#{email_address}#{extras}".html_safe))
- html = escape_javascript(html)
+ html = escape_javascript(html.to_str)
 "document.write('#{html}');".each_byte do |c|
 string << sprintf("%%%x", c)
 end
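Review bot: `email_address.to_str` in the url_helper.rb hunk only yields a separate object when `email_address` is a String subclass; for a plain String it returns the receiver, and the two `gsub!` calls would then also rewrite `email_address`, which is interpolated into the `mailto:` href a few lines below. The removed `.dup` guaranteed the copy, so the new line relies on code outside the hunk having already turned `email_address` into a SafeBuffer. `email_address_obfuscated = email_address.to_str.dup` keeps both the plain-String conversion and the copy. The hunk ends inside the `case encode` block, so the other `when` branches are not visible here.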