Always HTML-escape the textarea body JangoSteve#176

mrj · Jul 26, 2017 · cba082b · cba082b
1 parent ed507d2
commit cba082b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/remotipart/render_overrides.rb b/lib/remotipart/render_overrides.rb
@@ -15,7 +15,7 @@ def self.included(base)
     def render_with_remotipart *args
       render_without_remotipart(*args)
       if remotipart_submitted?
-        textarea_body = response.content_type == 'text/html' ? html_escape(response.body) : response.body
+        textarea_body = true || response.content_type == 'text/html' ? html_escape(response.body) : response.body
         response.body = %{<script type=\"text/javascript\">try{window.parent.document;}catch(err){document.domain=document.domain;}</script> <textarea data-type=\"#{response.content_type}\" data-status=\"#{response.response_code}\" data-statusText=\"#{response.message}\">#{textarea_body}</textarea>}
         response.content_type = ::Rails.version >= '5' ? Mime[:html] : Mime::HTML
       end