Merge pull request #23242 from maclover7/fix-error-sec

Fix undefined error for `ActionController::Parameters`

actionpack/lib/abstract_controller/rendering.rb

@@ -77,13 +77,10 @@ module AbstractController
     # render "foo/bar" to render :file => "foo/bar".
     # :api: plugin
     def _normalize_args(action=nil, options={})
-      case action
+      if action.respond_to?(:permitted?) && action.permitted?
-      when ActionController::Parameters
+        raise ArgumentError, "render parameters are not permitted"
-        unless action.permitted?
-          raise ArgumentError, "render parameters are not permitted"
-        end
         action
-      when Hash
+      elsif action.is_a?(Hash)
         action
       else
         options

actionview/test/template/text_helper_test.rb

@@ -44,11 +44,11 @@ class TextHelperTest < ActionView::TestCase
   end
 
   def test_simple_format_should_sanitize_input_when_sanitize_option_is_not_false
-    assert_equal "<p><b> test with unsafe string </b></p>", simple_format("<b> test with unsafe string </b><script>code!</script>")
+    assert_equal "<p><b> test with unsafe string </b>code!</p>", simple_format("<b> test with unsafe string </b><script>code!</script>")
   end
 
   def test_simple_format_should_sanitize_input_when_sanitize_option_is_true
-    assert_equal '<p><b> test with unsafe string </b></p>',
+    assert_equal '<p><b> test with unsafe string </b>code!</p>',
       simple_format('<b> test with unsafe string </b><script>code!</script>', {}, sanitize: true)
   end
 
@@ -193,7 +193,7 @@ class TextHelperTest < ActionView::TestCase
 
   def test_highlight_should_sanitize_input
     assert_equal(
-      "This is a <mark>beautiful</mark> morning",
+      "This is a <mark>beautiful</mark> morningcode!",
       highlight("This is a beautiful morning<script>code!</script>", "beautiful")
     )
   end