diff --git a/config/initializers/10-patches.rb b/config/initializers/10-patches.rb
index e4a110cfa..c2d0a5fad 100644
--- a/config/initializers/10-patches.rb
+++ b/config/initializers/10-patches.rb
@@ -50,6 +50,41 @@ module ActionView
 end
 end
+# Do not HTML escape text templates
+module ActionView
+ class Template
+ module Handlers
+ class ERB
+ def call(template)
+ if template.source.encoding_aware?
+ # First, convert to BINARY, so in case the encoding is
+ # wrong, we can still find an encoding tag
+ # (<%# encoding %>) inside the String using a regular
+ # expression
+ template_source = template.source.dup.force_encoding("BINARY")
+ erb = template_source.gsub(ENCODING_TAG, '')
+ encoding = $2
+ erb.force_encoding valid_encoding(template.source.dup, encoding)
+ # Always make sure we return a String in the default_internal
+ erb.encode!
+ else
+ erb = template.source.dup
+ end
+ self.class.erb_implementation.new(
+ erb,
+ :trim => (self.class.erb_trim_mode == "-"),
+ :escape => template.identifier =~ /\.text/ # only escape HTML templates
+ ).src
+ end
+ end
+ end
+ end
+end
+
 ActionView::Base.field_error_proc = Proc.new{ |html_tag, instance| html_tag || ''.html_safe }
 require 'mail'
diff --git a/test/unit/mailer_test.rb b/test/unit/mailer_test.rb
index 3721ad497..ae755a51a 100644
--- a/test/unit/mailer_test.rb
+++ b/test/unit/mailer_test.rb
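Review bot: The `:escape` decision in the `erb_implementation.new` call is an unanchored substring match on `template.identifier` (`/\.text/`), so any template whose identifier contains `.text` anywhere — a `.textile` name, or, if the identifier is the template's full filesystem path as it appears to be here, a deployment directory containing `.text` — is treated as a text template and its `<%= %>` output is no longer HTML-escaped, which is an XSS risk for HTML mail parts. Anchor the check to the format segment, e.g. `:escape => template.identifier =~ /\.text\.erb\z/`, or key it on the template's declared format if the Rails version in use exposes one. The inline comment `# only escape HTML templates` reads as inverted, since the flag is truthy for text templates; it presumably relies on Rails' Erubis subclass routing Erubis's "escaped" expression form to the non-escaping output path, and the comment should say so: `# truthy for text templates: the Erubis subclass treats the "escaped" expression form as raw output, so only HTML templates keep escaping`. Because the method body duplicates the framework's `ERB#call`, also add a header comment recording its origin, e.g. `# Copied from ActionView::Template::Handlers::ERB#call in Rails <rails-version>; only the :escape option is added. Re-sync on every Rails upgrade.`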
@@ -542,10 +542,27 @@ class MailerTest < ActiveSupport::TestCase
 end
 end
-private
+ def test_should_escape_html_templates_only
+ Issue.generate!(:project_id => 1, :tracker_id => 1, :subject => 'Subject with a ')
+ mail = last_email
+ assert_equal 2, mail.parts.size
+ assert_include '', text_part.body.encoded
+ assert_include '<tag>', html_part.body.encoded
+ end
+
+ private
+
 def last_email
 mail = ActionMailer::Base.deliveries.last
 assert_not_nil mail
 mail
 end
+
+ def text_part
+ last_email.parts.detect {|part| part.content_type.include?('text/plain')}
+ end
+
+ def html_part
+ last_email.parts.detect {|part| part.content_type.include?('text/html')}
+ end
 end
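Review bot: As shown, the text-part assertion in `test_should_escape_html_templates_only` is `assert_include '', text_part.body.encoded` and the generated subject is `'Subject with a '`; an empty needle is always included, so the half of the test meant to prove text templates stay unescaped cannot fail, and the html assertion expecting a raw `<tag>` in the html part contradicts the test's name. If a markup literal was dropped when this page was rendered this is moot, but if the source really reads this way the subject should carry a markup fragment that the test expects verbatim in the text part and in its HTML-escaped form in the html part. Separately, `text_part` and `html_part` use `detect`, so a missing part fails with a `NoMethodError` on `nil` rather than a readable assertion; an `assert_not_nil` on the result, as `last_email` already does, would fix that. The `MailerTest` class starts outside the hunk.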