From 12223742aa1bb09f84ff78ab617af40f0a9b80ba Mon Sep 17 00:00:00 2001
From: Santiago Pastorino
Date: Wed, 8 Aug 2012 15:20:47 -0700
Subject: [PATCH] escape select_tag :prompt values

---
 actionpack/lib/action_view/helpers/form_tag_helper.rb | 4 ++--
 actionpack/test/template/form_tag_helper_test.rb | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/actionpack/lib/action_view/helpers/form_tag_helper.rb b/actionpack/lib/action_view/helpers/form_tag_helper.rb
index 4b808ad..bb5071c 100644
--- a/actionpack/lib/action_view/helpers/form_tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_tag_helper.rb
@@ -100,9 +100,9 @@ module ActionView
 html_name = (options[:multiple] == true && !name.to_s.ends_with?("[]")) ? "#{name}[]" : name
 if blank = options.delete(:include_blank)
 if blank.kind_of?(String)
- option_tags = "".html_safe + option_tags
+ option_tags = content_tag(:option, blank, :value => '').safe_concat(option_tags)
 else
- option_tags = "".html_safe + option_tags
+ option_tags = content_tag(:option, '', :value => '').safe_concat(option_tags)
 end
 end
 content_tag :select, option_tags, { "name" => html_name, "id" => sanitize_to_id(name) }.update(options.stringify_keys)
diff --git a/actionpack/test/template/form_tag_helper_test.rb b/actionpack/test/template/form_tag_helper_test.rb
index 3c94c7a..e87db7a 100644
--- a/actionpack/test/template/form_tag_helper_test.rb
+++ b/actionpack/test/template/form_tag_helper_test.rb
@@ -195,6 +195,12 @@ class FormTagHelperTest < ActionView::TestCase
 assert_dom_equal expected, actual
 end
 
+ def test_select_tag_escapes_prompt
+ actual = select_tag "places", "".html_safe, :prompt => ""
+ expected = %()
+ assert_dom_equal expected, actual
+ end
+
 def test_select_tag_with_include_blank_with_string
 actual = select_tag "places", "".html_safe, :include_blank => "string"
 expected = %()
--
1.7.11.1
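Review bot: `safe_concat(option_tags)` in both rewritten branches of form_tag_helper.rb appends `option_tags` without escaping and leaves the result marked html_safe, whereas the removed `.html_safe + option_tags` went through SafeBuffer concatenation, which (as far as I know) escapes an operand that is not itself html_safe. The blank label is now escaped by `content_tag`, but a caller-supplied `option_tags` string that was never marked safe is treated as trusted markup whenever `:include_blank` is set. If that is intended, state the contract above the branch, e.g. `# option_tags is inserted verbatim; callers must pass escaped or html_safe markup`; otherwise `content_tag(:option, blank, :value => '') + option_tags` keeps the escaping of unsafe input. The method's signature lies outside the hunk, so its handling of a nil `option_tags` cannot be checked from here.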
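Review bot: The added `test_select_tag_escapes_prompt` exercises `:prompt`, but the lines changed in form_tag_helper.rb are the `:include_blank` String branch, and the only visible option handling there is `options.delete(:include_blank)`. The neighbouring `test_select_tag_with_include_blank_with_string` uses the label `"string"`, which contains nothing to escape, so the new `content_tag(:option, blank, ...)` path has no regression test in this hunk. A case such as `actual = select_tag "places", "".html_safe, :include_blank => "a < b"` with an `expected` holding the escaped label would pin the behaviour the patch introduces. The string literals in this hunk appear to have lost their markup on this page, so the exact value the new test passes cannot be read here.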