merb-helpers 1.0.4 → 1.0.5

@@ -243,9 +243,14 @@ module Merb::Helpers::Form::Builder
243
243
  ([b] + col.map do |item|
244
244
  text_meth = text_meth && item.respond_to?(text_meth) ? text_meth : :last
245
245
  value_meth = value_meth && item.respond_to?(value_meth) ? value_meth : :first
246
-
247
- text = item.is_a?(String) ? item : item.send(text_meth)
246
+
247
+ text = item.is_a?(String) ? item : item.send(text_meth)
248
248
  value = item.is_a?(String) ? item : item.send(value_meth)
249
+
250
+ unless Merb.disabled?(:merb_helper_escaping)
251
+ text = Merb::Parse.escape_xml(text)
252
+ value = Merb::Parse.escape_xml(value)
253
+ end
249
254
 
250
255
  option_attrs = {:value => value}
251
256
  if sel.is_a?(Array)
@@ -271,7 +276,12 @@ module Merb::Helpers::Form::Builder
271
276
  end
272
277
 
273
278
  def control_value(method)
274
- @obj ? @obj.send(method) : @origin.params[method]
279
+ value = @obj ? @obj.send(method) : @origin.params[method]
280
+ if Merb.disabled?(:merb_helper_escaping)
281
+ value.to_s
282
+ else
283
+ Merb::Parse.escape_xml(value.to_s)
284
+ end
275
285
  end
276
286
 
277
287
  def add_css_class(attrs, new_class)
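Review bot: `control_value` now hands an HTML-escaped String to every caller, so any helper in this builder that uses the result for a comparison rather than for output (checked or selected state, for example; those callers are outside the hunk) would see `"false"`, `""` or `&amp;` where it used to see `false`, `nil` or `&`. Escaping is easier to reason about at the point where the attribute is written; if it stays here, a comment such as `# returns an HTML-escaped String; not suitable for equality checks against model values` would make the contract explicit. In the first hunk `text` and `value` are passed to `Merb::Parse.escape_xml` without the `.to_s` that `control_value` applies, which is worth aligning in case `item.send(value_meth)` returns a non-String such as a numeric id. The `Merb.disabled?(:merb_helper_escaping)` switch turns the protection off for the whole application and deserves a line of documentation on when that is acceptable.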
@@ -0,0 +1,2 @@
1
+ class Hacker < Application
2
+ end
@@ -0,0 +1,5 @@
1
+ class HackerModel < FakeModel
2
+ def foo
3
+ '&"<>'
4
+ end
5
+ end
@@ -0,0 +1,3 @@
1
+ <%= form_for @obj, :action => "/" do %>
2
+ <%= file_field :foo, :bar => "7", :label => "LABEL" %>
3
+ <% end =%>
@@ -0,0 +1,3 @@
1
+ <%= form_for @obj, :action => "/" do %>
2
+ <%= hidden_field :foo, :bar => "7", :label => "LABEL" %>
3
+ <% end =%>
@@ -0,0 +1,4 @@
1
+ <%= form_for @obj do %>
2
+ <%= select( :foo, :collection => [FakeModel.new, HackerModel.new], :text_method => "foo", :value_method => "foo" ) %>
3
+ <% end =%>
4
+
@@ -0,0 +1,3 @@
1
+ <%= form_for @obj, :action => "/" do %>
2
+ <%= password_field :foo, :bar => "7", :label => "LABEL" %>
3
+ <% end =%>
@@ -0,0 +1,3 @@
1
+ <%= form_for @obj, :action => "/" do %>
2
+ <%= radio_button(:foo, :bar => "7", :label => "LABEL") %>
3
+ <% end =%>
@@ -0,0 +1,3 @@
1
+ <%= form_for @obj do %>
2
+ <%= radio_group (:foo, ["foowee", "baree"]) %>
3
+ <% end =%>
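Review bot: `radio_group (:foo, ["foowee", "baree"])` has a space between the method name and the opening parenthesis, which Ruby 1.8 accepts with a warning and later Ruby versions reject as a syntax error when several arguments follow; `radio_group(:foo, ["foowee", "baree"])` avoids both. The view also passes only literal strings, so the hostile value from `HackerModel#foo` would not appear in the rendered option values, and none of the spec examples visible on this page renders this template. As it stands the fixture adds no escaping coverage for radio groups; passing a collection that contains the `&"<>` string and asserting on the output would.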
@@ -0,0 +1,3 @@
1
+ <%= form_for @obj, :action => "/" do %>
2
+ <%= text_area :foo, :bar => "7", :label => "LABEL" %>
3
+ <% end =%>
@@ -0,0 +1,3 @@
1
+ <%= form_for @obj, :action => "/" do %>
2
+ <%= text_field :foo, :bar => "7", :label => "LABEL" %>
3
+ <% end =%>
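--- a/data/spec/merb.main.pid
+++ b/data/spec/merb.main.pid
@@ -1 +1 @@
- 10407
+ 25322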
@@ -2,9 +2,9 @@ require File.dirname(__FILE__) + '/spec_helper'
2
2
 
3
3
  # Quick rundown of how these specs work
4
4
  # please read before hacking on this plugin
5
- #
5
+ #
6
6
  # helpers must be tested through then entire stack
7
- # what that means is that each spec must
7
+ # what that means is that each spec must
8
8
  # send a request to a controller and render a template
9
9
  #
10
10
  # Start by creating a spec controller subclassing SpecController
@@ -14,7 +14,7 @@ require File.dirname(__FILE__) + '/spec_helper'
14
14
  # Create a new controller in the spec/fixture/app/controllers/ if you are adding a new helper
15
15
  #
16
16
  # To test your helper, start by initializing a controller
17
- #
17
+ #
18
18
  # @controller = CustomHelperSpecs.new(Merb::Request.new({}))
19
19
  #
20
20
  # Note that we are sending a real request to the controller, feel free to use the request as needed
@@ -24,7 +24,7 @@ require File.dirname(__FILE__) + '/spec_helper'
24
24
  #
25
25
  # @obj = FakeModel.new # FaKeModel is defined in spec/fixture/models/first_generic_fake_model.rb check it out!
26
26
  # @controller.instance_variable_set(:@obj, @obj)
27
- #
27
+ #
28
28
  # To test a helper, you need to render a view:
29
29
  #
30
30
  # result = @controller.render :view_name
@@ -82,17 +82,17 @@ describe "error_messages_for" do
82
82
  errs = @c.error_messages_for(@dm_obj, :error_class => "foo")
83
83
  errs.should include("<div class='foo'>")
84
84
  end
85
-
85
+
86
86
  it "should accept a custom header block" do
87
87
  errs = @c.error_messages_for(@dm_obj, :header => "<h3>Failure: %s issue%s</h3>")
88
88
  errs.should include("<h3>Failure: 2 issues</h3>")
89
89
  end
90
-
90
+
91
91
  # it "should put the error messages inside a form if :before is false" do
92
92
  # ret = @c.form_for @dm_obj do
93
93
  # _buffer << error_messages
94
94
  # end
95
- # ret.should =~ /\A\s*<form.*<div class='error'>/
95
+ # ret.should =~ /\A\s*<form.*<div class='error'>/
96
96
  # end
97
97
 
98
98
  end
@@ -128,22 +128,22 @@ describe "form" do
128
128
  ret = @c.render(:get_if_set)
129
129
  ret.should have_selector("form[method=get]")
130
130
  end
131
-
131
+
132
132
  it "should fake out the put method if set" do
133
133
  ret = @c.render(:fake_put_if_set)
134
134
  ret.should have_selector("form[method=post]")
135
135
  ret.should have_selector("input[type=hidden][name=_method][value=put]")
136
136
  end
137
-
137
+
138
138
  it "should fake out the delete method if set" do
139
139
  ret = @c.render(:fake_delete_if_set)
140
140
  ret.should have_selector("form[method=post]")
141
141
  ret.should have_selector("input[type=hidden][name=_method][value=delete]")
142
142
  end
143
-
143
+
144
144
  # TODO: Why is this required?
145
145
  # ---------------------------
146
- #
146
+ #
147
147
  # it "should silently set method to post if an unsupported method is used" do
148
148
  # form_tag :method => :dodgy do
149
149
  # _buffer << "CONTENT"
@@ -151,13 +151,13 @@ describe "form" do
151
151
  # _buffer.should match_tag(:form, :method => "post")
152
152
  # _buffer.should_not match_tag(:input, :type => "hidden", :name => "_method", :value => "dodgy")
153
153
  # end
154
-
154
+
155
155
  it "should take create a form" do
156
156
  ret = @c.render(:create_a_form)
157
157
  ret.should have_selector("form[action=foo][method=post]")
158
158
  ret.should include("Hello")
159
159
  end
160
-
160
+
161
161
  it "should set a form to be multipart" do
162
162
  ret = @c.render(:create_a_multipart_form)
163
163
  ret.should have_selector("form[action=foo][method=post][enctype='multipart/form-data']")
@@ -196,7 +196,7 @@ describe "form_for" do
196
196
  end
197
197
 
198
198
 
199
- describe "fields_for" do
199
+ describe "fields_for" do
200
200
 
201
201
  before :each do
202
202
  @c = FieldsForSpecs.new(Merb::Request.new({}))
@@ -248,7 +248,7 @@ describe "text_field" do
248
248
  r = @c.render :class
249
249
  r.should == "<input type=\"text\" class=\"awesome foobar text\"/>"
250
250
  end
251
-
251
+
252
252
  it "should be disabled if :disabled => true is passed in" do
253
253
  r = @c.render :disabled
254
254
  r.should have_selector("input[type=text][disabled=disabled]")
@@ -258,7 +258,7 @@ describe "text_field" do
258
258
  r = @c.render :label
259
259
  r.should match(/<label class="cool">LABEL<\/label>/)
260
260
  end
261
-
261
+
262
262
  end
263
263
 
264
264
  describe "bound_text_field" do
@@ -305,7 +305,7 @@ describe "bound_text_field" do
305
305
  end
306
306
 
307
307
  describe "bound_radio_button" do
308
-
308
+
309
309
  before :each do
310
310
  @c = BoundRadioButtonSpecs.new(Merb::Request.new({}))
311
311
  @c.instance_variable_set(:@obj, FakeModel.new)
@@ -348,7 +348,7 @@ describe "bound_radio_button" do
348
348
  end
349
349
 
350
350
  describe "password_field" do
351
-
351
+
352
352
  before :each do
353
353
  @c = PasswordFieldSpecs.new(Merb::Request.new({}))
354
354
  end
@@ -362,7 +362,7 @@ describe "password_field" do
362
362
  r = @c.render :basic
363
363
  r.should have_selector("label:contains('LABEL')")
364
364
  end
365
-
365
+
366
366
  it "should be disabled if :disabled => true is passed in" do
367
367
  r = @c.render :disabled
368
368
  r.should match_tag(:input, :type => "password", :disabled => "disabled")
@@ -420,7 +420,7 @@ describe "check_box" do
420
420
  before :each do
421
421
  @c = CheckBoxSpecs.new(Merb::Request.new({}))
422
422
  end
423
-
423
+
424
424
  it "should return a basic checkbox based on the values passed in" do
425
425
  r = @c.render :basic
426
426
  r.should match_tag(:input, :class => "checkbox", :name => "foo", :checked => "checked")
@@ -432,12 +432,12 @@ describe "check_box" do
432
432
  res = result.scan(/<[^>]*>/)
433
433
  res[0].should_not match_tag(:input, :label => "LABEL")
434
434
  end
435
-
435
+
436
436
  it 'should remove the checked="checked" attribute if :checked is false or nil' do
437
437
  r = @c.render :unchecked
438
438
  r.should_not include('checked="')
439
439
  end
440
-
440
+
441
441
  it 'should have the checked="checked" attribute if :checked => true is passed in' do
442
442
  r = @c.render :basic
443
443
  r.should include('checked="checked"')
@@ -453,7 +453,7 @@ describe "check_box" do
453
453
  r.should have_tag(:input, :type => "checkbox", :value => "1")
454
454
  r.should have_tag(:input, :type => "hidden", :value => "0")
455
455
  r.should match(/<input.*?type="hidden"[^>]*>[^<]*<input.*?type="checkbox"[^>]*>/)
456
-
456
+
457
457
  end
458
458
 
459
459
  it "should not allow a :value param if boolean" do
@@ -476,7 +476,7 @@ describe "check_box" do
476
476
  lambda { @c.render :raise_unless_both_on_and_off }.should raise_error(ArgumentError, /must be specified/)
477
477
  lambda { @c.render :raise_unless_both_on_and_off }.should raise_error(ArgumentError, /must be specified/)
478
478
  end
479
-
479
+
480
480
  it "should convert :value to a string on a non-boolean checkbox" do
481
481
  r = @c.render :to_string
482
482
  r.should match_tag(:input, :value => "")
@@ -487,12 +487,12 @@ describe "check_box" do
487
487
  r.should match_tag(:input, :value => "1")
488
488
  r.should match_tag(:input, :value => "true")
489
489
  end
490
-
490
+
491
491
  it "should be disabled if :disabled => true is passed in" do
492
492
  r = @c.render :disabled
493
493
  r.should match_tag(:input, :type => "checkbox", :disabled => "disabled")
494
494
  end
495
-
495
+
496
496
  it "should be possible to call with just check_box" do
497
497
  r = @c.render :simple
498
498
  r.should match_tag(:input, :type => "checkbox", :class => "checkbox")
@@ -507,7 +507,7 @@ describe "bound_check_box" do
507
507
  end
508
508
 
509
509
  it "should take a string and return a useful checkbox control" do
510
- r = @c.render :basic
510
+ r = @c.render :basic
511
511
  r.should match_tag(:input, :type =>"checkbox", :name => "fake_model[baz]", :class => "checkbox", :value => "1", :checked => "checked", :id => "fake_model_baz")
512
512
  r.should match_tag(:input, :type =>"hidden", :name => "fake_model[baz]", :value => "0")
513
513
  end
@@ -526,8 +526,8 @@ describe "bound_check_box" do
526
526
  :value => "1",
527
527
  :checked => "checked",
528
528
  :id => "fake_dm_model_baz")
529
-
530
- r.should match_tag(:input, :type =>"hidden", :name => "fake_dm_model[bat]", :value => "0")
529
+
530
+ r.should match_tag(:input, :type =>"hidden", :name => "fake_dm_model[bat]", :value => "0")
531
531
  r.should match_tag(:input, :type =>"checkbox", :name => "fake_dm_model[bat]", :class => "checkbox", :value => "1")
532
532
  end
533
533
 
@@ -538,7 +538,7 @@ describe "bound_check_box" do
538
538
  end
539
539
 
540
540
  it "should render controls with errors if their attribute contains an error" do
541
- r = @c.render :errors
541
+ r = @c.render :errors
542
542
  r.should match_tag(:input, :type =>"checkbox", :name => "fake_model[bazbad]", :class => "error checkbox", :value => "1", :checked => "checked")
543
543
  r.should match_tag(:input, :type =>"hidden", :name => "fake_model[batbad]", :value => "0")
544
544
  end
@@ -570,13 +570,13 @@ describe "bound_check_box" do
570
570
  r = @c.render :basic
571
571
  r.should match_tag(:input, :type => "checkbox", :class => "error checkbox")
572
572
  end
573
-
573
+
574
574
  it "should be boolean" do
575
575
  r = @c.render :basic
576
576
  r.should have_tag(:input, :type => "checkbox", :value => "1")
577
577
  r.should have_tag(:input, :type => "hidden", :value => "0")
578
578
  end
579
-
579
+
580
580
  it "should be checked if the value of the model's attribute is equal to the value of :on" do
581
581
  r = @c.render :checked
582
582
  r.should match_tag(:input, :type =>"checkbox", :value => "foowee", :checked => "checked")
@@ -586,7 +586,7 @@ describe "bound_check_box" do
586
586
  end
587
587
 
588
588
  describe "hidden_field" do
589
-
589
+
590
590
  before :each do
591
591
  @c = HiddenFieldSpecs.new(Merb::Request.new({}))
592
592
  end
@@ -601,7 +601,7 @@ describe "hidden_field" do
601
601
  res.should_not match(/<label>LABEL/)
602
602
  res.should_not match_tag(:input, :label=> "LABEL")
603
603
  end
604
-
604
+
605
605
  it "should be disabled if :disabled => true is passed in" do
606
606
  r = @c.render :disabled
607
607
  r.should match_tag(:input, :type => "hidden", :disabled => "disabled")
@@ -654,7 +654,7 @@ describe "bound_hidden_field" do
654
654
  end
655
655
 
656
656
  describe "radio_button" do
657
-
657
+
658
658
  before :each do
659
659
  @c = RadioButtonSpecs.new(Merb::Request.new({}))
660
660
  end
@@ -681,7 +681,7 @@ describe "radio_button" do
681
681
  end
682
682
 
683
683
  describe "radio_group" do
684
-
684
+
685
685
  before :each do
686
686
  @c = RadioGroupSpecs.new(Merb::Request.new({}))
687
687
  end
@@ -728,7 +728,7 @@ end
728
728
 
729
729
 
730
730
  describe "bound_radio_group" do
731
-
731
+
732
732
  before do
733
733
  @c = BoundRadioGroupSpecs.new(Merb::Request.new({}))
734
734
  @c.instance_variable_set(:@obj, FakeModel.new)
@@ -746,7 +746,7 @@ describe "bound_radio_group" do
746
746
  r.scan( /<input.*?><label.*?>(foowee|baree)<\/label>/ ).size.should == 2
747
747
  radio = r.scan(/<[^>]*>/)[2..-2]
748
748
  radio[0].should_not match_tag(:input, :label => "LABEL")
749
- radio[3].should_not match_tag(:input, :label => "LABEL")
749
+ radio[3].should_not match_tag(:input, :label => "LABEL")
750
750
  end
751
751
 
752
752
  it "should accept array of hashes as options" do
@@ -782,7 +782,7 @@ end
782
782
 
783
783
 
784
784
  describe "text_area" do
785
-
785
+
786
786
  before do
787
787
  @c = TextAreaSpecs.new(Merb::Request.new({}))
788
788
  end
@@ -800,7 +800,7 @@ describe "text_area" do
800
800
 
801
801
  # TODO: Why is this required?
802
802
  # ---------------------------
803
- #
803
+ #
804
804
  # it "should handle a nil attributes hash" do
805
805
  # text_area("CONTENT", nil).should == "<textarea>CONTENT</textarea>"
806
806
  # end
@@ -810,14 +810,14 @@ describe "text_area" do
810
810
  result.should match(/<label.*>LABEL<\/label><textarea/)
811
811
  result.should_not match_tag(:textarea, :label => "LABEL")
812
812
  end
813
-
813
+
814
814
  it "should be disabled if :disabled => true is passed in" do
815
815
  r = @c.render :disabled
816
816
  r.should match_tag(:textarea, :disabled => "disabled")
817
817
  end
818
818
  end
819
819
 
820
- describe "bound_text_area" do
820
+ describe "bound_text_area" do
821
821
 
822
822
  before do
823
823
  @c = BoundTextAreaSpecs.new(Merb::Request.new({}))
@@ -833,11 +833,11 @@ describe "bound_text_area" do
833
833
  end
834
834
 
835
835
  describe "select" do
836
-
836
+
837
837
  before do
838
838
  @c = SelectSpecs.new(Merb::Request.new({}))
839
839
  end
840
-
840
+
841
841
  it "should provide a blank option if you :include_blank" do
842
842
  r = @c.render :blank
843
843
  r.should =~ /<option.*>\s*<\/option>/
@@ -854,7 +854,7 @@ describe "bound_select" do
854
854
  before do
855
855
  @c = BoundSelectSpecs.new(Merb::Request.new({}))
856
856
  @c.instance_variable_set(:@obj, FakeModel.new)
857
- end
857
+ end
858
858
 
859
859
  it "should render the select tag with the correct id and name" do
860
860
  r = @c.render :basic
@@ -904,7 +904,7 @@ describe "bound_select" do
904
904
  end
905
905
 
906
906
  describe "bound option tags" do
907
-
907
+
908
908
  before do
909
909
  @c = BoundOptionTagSpecs.new(Merb::Request.new({}))
910
910
  @c.instance_variable_set(:@obj, FakeModel.new)
@@ -912,9 +912,9 @@ describe "bound option tags" do
912
912
 
913
913
 
914
914
  it "should use text_method and value_method for tag generation" do
915
- r = @c.render :text_and_value
915
+ r = @c.render :text_and_value
916
916
  r.should match_tag( :option, :content => "foowee", :value => "7" )
917
- r.should match_tag( :option, :content => "foowee2", :value => "barbar" )
917
+ r.should match_tag( :option, :content => "foowee2", :value => "barbar" )
918
918
 
919
919
  # content = options_from_collection_for_select( [FakeModel.new, FakeModel2.new], :text_method => 'foo', :value_method => 'bar' )
920
920
  # content.should match_tag( :option, :content => "foowee", :value => "7" )
@@ -966,7 +966,7 @@ end
966
966
  require "hpricot"
967
967
 
968
968
  describe "option tags" do
969
-
969
+
970
970
  before do
971
971
  @c = OptionTagSpecs.new(Merb::Request.new({}))
972
972
  @c.instance_variable_set(:@collection, [['rabbit','Rabbit'],['horse','Horse'],['bird','Bird']])
@@ -1067,12 +1067,12 @@ describe "file_field" do
1067
1067
  r = @c.render :with_label
1068
1068
  r.should have_selector("label:contains('LABEL') + input.file[type=file]")
1069
1069
  end
1070
-
1070
+
1071
1071
  it "should be disabled if :disabled => true is passed in" do
1072
1072
  r = @c.render :disabled
1073
1073
  r.should have_selector("input[type=file][disabled=disabled]")
1074
1074
  end
1075
-
1075
+
1076
1076
  it "should make the surrounding form multipart" do
1077
1077
  r = @c.render :makes_multipart
1078
1078
  r.should have_selector("form[enctype='multipart/form-data']")
@@ -1107,8 +1107,8 @@ describe "submit" do
1107
1107
 
1108
1108
  before :each do
1109
1109
  @c = SubmitSpecs.new(Merb::Request.new({}))
1110
- end
1111
-
1110
+ end
1111
+
1112
1112
  it "should return a basic submit input based on the values passed in" do
1113
1113
  r = @c.render :submit_with_values
1114
1114
  r.should have_selector("input[type=submit][name=foo][value=Done]")
@@ -1119,11 +1119,11 @@ describe "submit" do
1119
1119
  r.should have_selector("input[type=submit][name=submit][value=Done]")
1120
1120
  r.should have_selector("label:contains('LABEL')")
1121
1121
  end
1122
-
1122
+
1123
1123
  it "should be disabled if :disabled => true is passed in" do
1124
1124
  r = @c.render :disabled_submit
1125
1125
  r.should have_selector("input[type=submit][value=Done][disabled=disabled]")
1126
- end
1126
+ end
1127
1127
  end
1128
1128
 
1129
1129
  describe "button" do
@@ -1131,7 +1131,7 @@ describe "button" do
1131
1131
  before :each do
1132
1132
  @c = ButtonSpecs.new(Merb::Request.new({}))
1133
1133
  end
1134
-
1134
+
1135
1135
  it "should return a button based on the values passed in" do
1136
1136
  r = @c.render :button_with_values
1137
1137
  r.should have_selector("button[type=button][name=foo][value=bar]:contains('Click Me')")
@@ -1151,7 +1151,7 @@ end
1151
1151
 
1152
1152
 
1153
1153
  class MyBuilder < Merb::Helpers::Form::Builder::Base
1154
-
1154
+
1155
1155
  def update_bound_controls(method, attrs, type)
1156
1156
  super
1157
1157
  attrs[:bound] = type
@@ -1161,16 +1161,16 @@ class MyBuilder < Merb::Helpers::Form::Builder::Base
1161
1161
  super
1162
1162
  attrs[:unbound] = type
1163
1163
  end
1164
-
1164
+
1165
1165
  end
1166
1166
 
1167
1167
  describe "custom builder" do
1168
-
1168
+
1169
1169
  before :each do
1170
1170
  @c = CustomBuilderSpecs.new(Merb::Request.new({}))
1171
1171
  @c.instance_variable_set(:@obj, FakeModel.new)
1172
- end
1173
-
1172
+ end
1173
+
1174
1174
  it "should let you override update_bound_controls" do
1175
1175
  r = @c.render :everything
1176
1176
  r.should =~ / bound="file"/
@@ -1180,7 +1180,7 @@ describe "custom builder" do
1180
1180
  r.should =~ / bound="radio"/
1181
1181
  r.should =~ / bound="text_area"/
1182
1182
  end
1183
-
1183
+
1184
1184
  it "should let you override update_unbound_controls" do
1185
1185
  r = @c.render :everything
1186
1186
  r.should have_selector("button[unbound=button]")
@@ -1196,7 +1196,7 @@ describe 'delete_button' do
1196
1196
  @controller = DeleteButtonSpecs.new(Merb::Request.new({}))
1197
1197
  @controller.instance_variable_set(:@obj, FakeModel.new)
1198
1198
  end
1199
-
1199
+
1200
1200
  it "should have a default submit button text" do
1201
1201
  result = @controller.render :simple_delete # <%= delete_button @obj %>
1202
1202
  result.should have_selector("input[type=submit][value=Delete]")
@@ -1212,26 +1212,59 @@ describe 'delete_button' do
1212
1212
  result = @controller.render :delete_with_label # <%= delete_button(@obj, "Delete moi!") %>
1213
1213
  result.should have_selector("input[type=submit][value='Delete moi!']")
1214
1214
  end
1215
-
1215
+
1216
1216
  it "should allow you to pass some extra params like a class" do
1217
1217
  result = @controller.render :delete_with_extra_params
1218
1218
  result.should have_selector("input.custom-class[type=submit][value=Delete]")
1219
1219
  end
1220
-
1220
+
1221
1221
  it "should allow to pass an explicit url as a string" do
1222
1222
  result = @controller.render :delete_with_explicit_url # <%= delete_button('/test/custom_url') %>
1223
1223
  result.should have_selector("form[action='/test/custom_url'][method=post]")
1224
1224
  end
1225
-
1225
+
1226
1226
  end
1227
1227
 
1228
- # describe "control_value" do
1229
- #
1230
- #
1231
- # it 'should escape [&"<>]' do
1232
- # @obj.vin = '&"<>'
1233
- # f = form_for :obj do
1234
- # control_value(:vin).should == '&amp;&quot;&lt;&gt;'
1235
- # end
1236
- # end
1237
- # end
1228
+ describe "escaping values" do
1229
+
1230
+ before :each do
1231
+ @c = Hacker.new(Merb::Request.new({}))
1232
+ @c.instance_variable_set(:@obj, HackerModel.new)
1233
+ end
1234
+
1235
+ it "should escape bound text field values" do
1236
+ r = @c.render :text_field
1237
+ r.should =~ /&amp;&quot;&lt;&gt;/
1238
+ end
1239
+
1240
+ it "should escape bound hidden field values" do
1241
+ r = @c.render :hidden_field
1242
+ r.should =~ /&amp;&quot;&lt;&gt;/
1243
+ end
1244
+
1245
+ it "should escape bound password field values" do
1246
+ r = @c.render :password_field
1247
+ r.should =~ /&amp;&quot;&lt;&gt;/
1248
+ end
1249
+
1250
+ it "should escape bound text area values" do
1251
+ r = @c.render :text_area
1252
+ r.should =~ /&amp;&quot;&lt;&gt;/
1253
+ end
1254
+
1255
+ it "should escape bound file field values" do
1256
+ r = @c.render :file_field
1257
+ r.should =~ /&amp;&quot;&lt;&gt;/
1258
+ end
1259
+
1260
+ it "should escape bound option tag values" do
1261
+ r = @c.render :option_tag
1262
+ r.should =~ /&amp;&quot;&lt;&gt;/
1263
+ end
1264
+
1265
+ it "should escape bound radio button values" do
1266
+ r = @c.render :radio_button
1267
+ r.should =~ /&amp;&quot;&lt;&gt;/
1268
+ end
1269
+
1270
+ end
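Review bot: The seven examples added under `describe "escaping values"` only assert that `&amp;&quot;&lt;&gt;` appears somewhere in the output, so a helper that emits the value twice, once escaped and once raw, would still pass; adding `r.should_not include('&"<>')` to each example closes that gap. The select fixture (presumably the `option_tag` view) uses `"foo"` for both `:text_method` and `:value_method`, so a single escaped occurrence satisfies the match and the option text and the `value` attribute are not checked separately. There is no example for the `Merb.disabled?(:merb_helper_escaping)` branch, for check boxes, or for the `radio_group` view that the fixtures add. `HackerModel#foo` contains no single quote, so behaviour for that character is not pinned down by these specs.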
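--- a/data/spec/merb_test.log
+++ b/data/spec/merb_test.log
@@ -40,3 +40,24 @@
  ~ {:before_filters_time=>6.0e-06, :dispatch_time=>0.000631, :after_filters_time=>6.0e-06, :action_time=>0.000445}
  ~
 
+ ~ Compiling routes...
+ ~ Started request handling: Mon Dec 15 19:19:40 -0800 2008
+ ~ Params: {"format"=>nil, "action"=>"tag_with_content", "id"=>nil, "controller"=>"tag_helper"}
+ ~ {:after_filters_time=>1.5e-05, :dispatch_time=>0.000935, :before_filters_time=>1.6e-05, :action_time=>0.000635}
+ ~
+
+ ~ Started request handling: Mon Dec 15 19:19:40 -0800 2008
+ ~ Params: {"format"=>nil, "action"=>"tag_with_content_in_the_block", "id"=>nil, "controller"=>"tag_helper"}
+ ~ {:after_filters_time=>5.0e-06, :dispatch_time=>0.000663, :before_filters_time=>6.0e-06, :action_time=>0.000402}
+ ~
+
+ ~ Started request handling: Mon Dec 15 19:19:40 -0800 2008
+ ~ Params: {"format"=>nil, "action"=>"tag_with_attributes", "id"=>nil, "controller"=>"tag_helper"}
+ ~ {:after_filters_time=>4.0e-06, :dispatch_time=>0.000514, :before_filters_time=>5.0e-06, :action_time=>0.000332}
+ ~
+
+ ~ Started request handling: Mon Dec 15 19:19:40 -0800 2008
+ ~ Params: {"format"=>nil, "action"=>"nested_tags", "id"=>nil, "controller"=>"tag_helper"}
+ ~ {:after_filters_time=>6.0e-06, :dispatch_time=>0.000648, :before_filters_time=>5.0e-06, :action_time=>0.000453}
+ ~
+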
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: merb-helpers
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.4
4
+ version: 1.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Michael D. Ivey
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2008-12-08 00:00:00 -08:00
12
+ date: 2008-12-15 00:00:00 -08:00
13
13
  default_executable:
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
@@ -20,7 +20,7 @@ dependencies:
20
20
  requirements:
21
21
  - - ">="
22
22
  - !ruby/object:Gem::Version
23
- version: 1.0.4
23
+ version: 1.0.5
24
24
  version:
25
25
  description: Helper support for Merb
26
26
  email: ivey@gweezlebur.com
@@ -77,6 +77,7 @@ files:
77
77
  - spec/fixture/app/controllers/foo.rb
78
78
  - spec/fixture/app/controllers/form.rb
79
79
  - spec/fixture/app/controllers/form_for.rb
80
+ - spec/fixture/app/controllers/hacker.rb
80
81
  - spec/fixture/app/controllers/hidden_field.rb
81
82
  - spec/fixture/app/controllers/label.rb
82
83
  - spec/fixture/app/controllers/numeric_ext.rb
@@ -97,6 +98,7 @@ files:
97
98
  - spec/fixture/app/models
98
99
  - spec/fixture/app/models/fake_dm_model.rb
99
100
  - spec/fixture/app/models/first_generic_fake_model.rb
101
+ - spec/fixture/app/models/hacker_generic_model.rb
100
102
  - spec/fixture/app/models/second_generic_fake_model.rb
101
103
  - spec/fixture/app/models/third_generic_fake_model.rb
102
104
  - spec/fixture/app/views
@@ -193,6 +195,15 @@ files:
193
195
  - spec/fixture/app/views/form_specs/get_if_set.html.erb
194
196
  - spec/fixture/app/views/form_specs/post_by_default.html.erb
195
197
  - spec/fixture/app/views/form_specs/resourceful_form.html.erb
198
+ - spec/fixture/app/views/hacker
199
+ - spec/fixture/app/views/hacker/file_field.html.erb
200
+ - spec/fixture/app/views/hacker/hidden_field.html.erb
201
+ - spec/fixture/app/views/hacker/option_tag.html.erb
202
+ - spec/fixture/app/views/hacker/password_field.html.erb
203
+ - spec/fixture/app/views/hacker/radio_button.html.erb
204
+ - spec/fixture/app/views/hacker/radio_group.html.erb
205
+ - spec/fixture/app/views/hacker/text_area.html.erb
206
+ - spec/fixture/app/views/hacker/text_field.html.erb
196
207
  - spec/fixture/app/views/hidden_field_specs
197
208
  - spec/fixture/app/views/hidden_field_specs/basic.html.erb
198
209
  - spec/fixture/app/views/hidden_field_specs/disabled.html.erb