Changeset 5321
- Timestamp: 10/18/06 15:58:07 (2 years ago)
- Files:
  - trunk/actionpack/CHANGELOG (modified) (1 diff)
  - trunk/actionpack/lib/action_view/helpers/tag_helper.rb (modified) (2 diffs)
  - trunk/actionpack/test/template/tag_helper_test.rb (modified) (1 diff)
trunk/actionpack/CHANGELOG
r5315 r5321 1 1 *SVN* 2 3 * Fix double-escaped entities, such as &, {, etc. [Rick] 2 4 3 5 * Fix deprecation warnings when rendering the template error template. [Nicholas Seckar] trunk/actionpack/lib/action_view/helpers/tag_helper.rb
r2543 r5321 35 35 def tag_options(options) 36 36 cleaned_options = convert_booleans(options.stringify_keys.reject {|key, value| value.nil?}) 37 ' ' + cleaned_options.map {|key, value| %(#{key}="#{ html_escape(value.to_s)}")}.sort * ' ' unless cleaned_options.empty?37 ' ' + cleaned_options.map {|key, value| %(#{key}="#{fix_double_escape(html_escape(value.to_s))}")}.sort * ' ' unless cleaned_options.empty? 38 38 end 39 39 … … 46 46 options[attribute] ? options[attribute] = attribute : options.delete(attribute) 47 47 end 48 49 # Fix double-escaped entities, such as &, {, etc. 50 def fix_double_escape(escaped) 51 escaped.gsub(/&([a-z]+|(#\d+));/i) { "&#{$1};" } 52 end 48 53 end 49 54 end trunk/actionpack/test/template/tag_helper_test.rb
r4675 r5321 39 39 assert_equal "<![CDATA[<hello world>]]>", cdata_section("<hello world>") 40 40 end 41 42 def test_double_escaping_attributes 43 ['1&2', '1 < 2', '“test“'].each do |escaped| 44 assert_equal %(<a href="#{escaped}" />), tag('a', :href => escaped) 45 end 46 end 47 48 def test_skip_invalid_escaped_attributes 49 ['&1;', 'dfa3;', '& #123;'].each do |escaped| 50 assert_equal %(<a href="#{escaped.gsub /&/, '&'}" />), tag('a', :href => escaped) 51 end 52 end 41 53 end
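Review bot: In tag_helper.rb, on the changed line 37 of tag_options, fix_double_escape is applied to every attribute value with no way to opt out, so a value meant as literal text that happens to contain something shaped like an entity reference is emitted as a live reference and decoded by the browser. A caller that validates an attribute value such as an href before passing it to tag() would then be checking different text from what the browser ends up with. Consider making the un-escaping opt-in through an option to tag_options, or document on tag_options that values are treated as possibly pre-escaped.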
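Review bot: In the new fix_double_escape method in tag_helper.rb, the alternation `([a-z]+|(#\d+))` covers named and decimal references only: hexadecimal references (`#x` followed by hex digits) and entity names that contain digits stay double-escaped, while any run of letters is accepted whether or not it names a real entity. The inner group around `#\d+` is also unused, since only `$1` is read in the block. Suggest extending the pattern to hexadecimal references, allowing digits after the first letter of a name, and dropping the redundant group; the comment above the method could state which forms are recognised.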
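Review bot: In tag_helper_test.rb, both new tests exercise only the href of an `a` tag, and neither includes a value that combines an entity reference with a double quote, so nothing here pins down that html_escape still protects the rest of the value once fix_double_escape has run. Add such a case, plus a hexadecimal reference to record the intended behaviour for it. In test_skip_invalid_escaped_attributes, `escaped.gsub /&/, '&'` passes a regexp literal as the first argument of a call without parentheses, which Ruby warns about as ambiguous; wrap the arguments in parentheses.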