From ad3d285d2756120ce9ac0bb21e0f2866c14f5513 Mon Sep 17 00:00:00 2001
From: Gerry <git@caulfield.me>
Date: Mon, 22 May 2017 11:10:40 +1000
Subject: [PATCH] Make template_format checking use a whitelist

Code such as the follow contains :html in the
template_formats list, but is made invalid if a html
comment is appended to it.

```ruby
render(
  partial: 'scss partial',
  locals: { main_color: '#f0f' },
  formats: :scss
)
```

I've changed the template_format checking code so that
it only applies the template when we are absoutely
certain that the template is in the expected format.
---
 lib/rails_view_annotator/action_view/partial_renderer.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/rails_view_annotator/action_view/partial_renderer.rb b/lib/rails_view_annotator/action_view/partial_renderer.rb
index 7c86663..1a5b72e 100644
--- a/lib/rails_view_annotator/action_view/partial_renderer.rb
+++ b/lib/rails_view_annotator/action_view/partial_renderer.rb
@@ -23,12 +23,12 @@ def self.augment_partial_renderer klass
       if inner.present?
         comment_pattern = "%{partial}"
         template_formats = RailsViewAnnotator.extract_requested_formats_from(args)
-        if template_formats.include?(:text) # Do not render any comments for raw plaintext repsonses
-          return inner
-        elsif template_formats.include?(:js)
+        if template_formats == [:js]
           comment_pattern = "/* begin: %{comment} */\n#{comment_pattern}/* end: %{comment} */"
-        elsif template_formats.empty? || template_formats.include?(:html)
+        elsif template_formats == [:html]
           comment_pattern = "<!-- begin: %{comment} -->\n#{comment_pattern}<!-- end: %{comment} -->"
+        else
+          return inner # Do not render any comments for responses we do not support
         end
 
         (comment_pattern % {:partial => inner, :comment => descriptor}).html_safe