File 3-0-strip_tags.patch of Package rubygem-actionpack-2_3.869

From 5b88a577ea82c8d33eeb9840af7d23a443ef6444 Mon Sep 17 00:00:00 2001
From: Santiago Pastorino <santiago@wyeworks.com>
Date: Wed, 8 Aug 2012 14:33:39 -0700
Subject: [PATCH] Do not mark strip_tags result as html_safe

Thanks to Marek Labos & Nethemba
---
 actionpack/lib/action_view/helpers/sanitize_helper.rb | 2 +-
 actionpack/test/template/sanitize_helper_test.rb      | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

Index: lib/action_view/helpers/sanitize_helper.rb
===================================================================
--- lib/action_view/helpers/sanitize_helper.rb.orig	2012-08-15 16:07:58.912338496 +0200
+++ lib/action_view/helpers/sanitize_helper.rb	2012-08-15 16:08:04.355058496 +0200
@@ -72,7 +72,7 @@ module ActionView
       #   strip_tags("<div id='top-bar'>Welcome to my website!</div>")
       #   # => Welcome to my website!
       def strip_tags(html)
-        self.class.full_sanitizer.sanitize(html).try(:html_safe)
+        self.class.full_sanitizer.sanitize(html)
       end
 
       # Strips all link tags from +text+ leaving just the link text.
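Review bot: The doc comment above `strip_tags` (it starts outside this hunk) says nothing about the safety of the return value, which this change makes the important part of the contract: the string is no longer marked html_safe. The test added in the same patch shows an unterminated tag such as `something <img onerror=alert(1337)` coming back unchanged. Callers therefore have to let the view escape the result and must not re-mark it with `html_safe` or `raw`. I would add to the comment: `# The result is NOT marked html_safe; malformed markup can pass through unchanged, so always escape it on output.`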
Index: test/template/sanitize_helper_test.rb
===================================================================
--- test/template/sanitize_helper_test.rb.orig	2012-08-15 16:07:58.965364996 +0200
+++ test/template/sanitize_helper_test.rb	2012-08-15 16:08:04.357059496 +0200
@@ -42,9 +42,9 @@ class SanitizeHelperTest < ActionView::T
     [nil, '', '   '].each do |blank|
       stripped = strip_tags(blank)
       assert_equal blank, stripped
-      assert stripped.html_safe? unless blank.nil?
     end
-    assert strip_tags("<script>").html_safe?
+    assert_equal "", strip_tags("<script>")
+    assert_equal "something &lt;img onerror=alert(1337)", ERB::Util.html_escape(strip_tags("something <img onerror=alert(1337)"))
   end
 
   def test_sanitize_is_marked_safe
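Review bot: None of the new assertions checks `html_safe?` directly, so the not-safe contract is pinned only indirectly through `ERB::Util.html_escape`. That helper presumably leaves html_safe strings untouched, which is why the second added assertion would catch a regression, but the test then depends on the escaping helper's behaviour. An explicit check states the intent: `assert !strip_tags("<script>").html_safe?`, and a matching negative check could replace the assertion removed from the blank loop. The enclosing test method starts above the hunk, so its name is not visible here; if the name still says the result is safe, it should be renamed.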