mirror of https://github.com/rails/rails
Merge pull request #23242 from maclover7/fix-error-sec
Fix undefined error for `ActionController::Parameters`
parent
fcf0f42494
commit
5ed694e0ce
|
@ -77,13 +77,10 @@ module AbstractController
|
|||
# render "foo/bar" to render :file => "foo/bar".
|
||||
# :api: plugin
|
||||
def _normalize_args(action=nil, options={})
|
||||
case action
|
||||
when ActionController::Parameters
|
||||
unless action.permitted?
|
||||
raise ArgumentError, "render parameters are not permitted"
|
||||
end
|
||||
if action.respond_to?(:permitted?) && action.permitted?
|
||||
raise ArgumentError, "render parameters are not permitted"
|
||||
action
|
||||
when Hash
|
||||
elsif action.is_a?(Hash)
|
||||
action
|
||||
else
|
||||
options
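Review bot: The rewritten guard in `_normalize_args` looks inverted: reading the new side from the hunk counts (-77,13 +77,10), the method now raises "render parameters are not permitted" when `action.permitted?` is true, and the `action` line after the `raise` can never run. The removed `case` branch raised only for parameters that were not permitted, so permitted parameters are now rejected while unpermitted ones skip the raise and fall through to the `elsif`/`else` branches. I would keep the `respond_to?` test, which avoids naming the constant, and restore the polarity: `if action.respond_to?(:permitted?)` followed by `raise ArgumentError, "render parameters are not permitted" unless action.permitted?` and then `action`. A test that passes an unpermitted parameters object to `render` and expects `ArgumentError` would pin this down; the method's closing `end` lines are outside the hunk.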
|
||||
|
|
|
@ -44,11 +44,11 @@ class TextHelperTest < ActionView::TestCase
|
|||
end
|
||||
|
||||
def test_simple_format_should_sanitize_input_when_sanitize_option_is_not_false
|
||||
assert_equal "<p><b> test with unsafe string </b></p>", simple_format("<b> test with unsafe string </b><script>code!</script>")
|
||||
assert_equal "<p><b> test with unsafe string </b>code!</p>", simple_format("<b> test with unsafe string </b><script>code!</script>")
|
||||
end
|
||||
|
||||
def test_simple_format_should_sanitize_input_when_sanitize_option_is_true
|
||||
assert_equal '<p><b> test with unsafe string </b></p>',
|
||||
assert_equal '<p><b> test with unsafe string </b>code!</p>',
|
||||
simple_format('<b> test with unsafe string </b><script>code!</script>', {}, sanitize: true)
|
||||
end
|
||||
|
||||
|
@ -193,7 +193,7 @@ class TextHelperTest < ActionView::TestCase
|
|||
|
||||
def test_highlight_should_sanitize_input
|
||||
assert_equal(
|
||||
"This is a <mark>beautiful</mark> morning",
|
||||
"This is a <mark>beautiful</mark> morningcode!",
|
||||
highlight("This is a beautiful morning<script>code!</script>", "beautiful")
|
||||
)
|
||||
end
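Review bot: The changed expectations in the two `simple_format` tests and in `test_highlight_should_sanitize_input` carry no explanation, and at first sight they read like a sanitisation regression. Assuming the `code!` variants are the new side (the page has lost its +/- markers), the `<script>` tag is still removed and only its text content survives as inert text. That presumably tracks the behaviour of the HTML sanitizer the helpers delegate to rather than anything named in this commit's title. A short comment above each assertion, for example `# the <script> element is stripped; its text content is kept as plain text`, would make the intent clear. The test class itself starts and ends outside the visible hunks.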
|
||||
|
|