vanderhoorn/rails-2-3-14-select_options.rb

## rails-2-3-14-select_options.rb
# A Rails 2.3.14 monkey patch for the "XSS Vulnerability in the select helper", as reported in:
# http://groups.google.com/group/rubyonrails-security/browse_thread/thread/9da0c515a6c4664
#
module ActionView
  module Helpers
    class InstanceTag #:nodoc:
      private

      def add_options(option_tags, options, value = nil)
        if options[:include_blank]
          option_tags = content_tag('option', options[:include_blank].kind_of?(String) ? options[:include_blank] : nil, :value => '') + "\n" + option_tags
        end
        if value.blank? && options[:prompt]
          prompt = options[:prompt].kind_of?(String) ? options[:prompt] : I18n.translate('support.select.prompt', :default => 'Please select')
          option_tags = content_tag('option', prompt, :value => '') + "\n" + option_tags
        end
        option_tags
      end
    end
  end
end
	# A Rails 2.3.14 monkey patch for the "XSS Vulnerability in the select helper", as reported in:
	# http://groups.google.com/group/rubyonrails-security/browse_thread/thread/9da0c515a6c4664
	#
	module ActionView
	module Helpers
	class InstanceTag #:nodoc:
	private

	def add_options(option_tags, options, value = nil)
	if options[:include_blank]
	option_tags = content_tag('option', options[:include_blank].kind_of?(String) ? options[:include_blank] : nil, :value => '') + "\n" + option_tags
	end
	if value.blank? && options[:prompt]
	prompt = options[:prompt].kind_of?(String) ? options[:prompt] : I18n.translate('support.select.prompt', :default => 'Please select')
	option_tags = content_tag('option', prompt, :value => '') + "\n" + option_tags
	end
	option_tags
	end
	end
	end
	end