Changeset 5322
- Timestamp: 10/18/06 16:42:19 (2 years ago)
- Files:
  - trunk/actionpack/CHANGELOG (modified) (1 diff)
  - trunk/actionpack/lib/action_view/helpers/tag_helper.rb (modified) (1 diff)
  - trunk/actionpack/lib/action_view/helpers/url_helper.rb (modified) (1 diff)
  - trunk/actionpack/test/template/tag_helper_test.rb (modified) (1 diff)
  - trunk/actionpack/test/template/url_helper_test.rb (modified) (1 diff)
trunk/actionpack/CHANGELOG
r5321 r5322 1 1 *SVN* 2 3 * Add <%= escape_once html %> to escape html while leaving any currently escaped entities alone. Fix button_to double-escaping issue. [Rick] 2 4 3 5 * Fix double-escaped entities, such as &amp;, &#123;, etc. [Rick] trunk/actionpack/lib/action_view/helpers/tag_helper.rb
r5321 r5322 32 32 end 33 33 34 # Escapes a given string, while leaving any currently escaped entities alone. 35 # 36 # escape_once("1 > 2 & 3") 37 # # => "1 < 2 & 3" 38 # 39 def escape_once(html) 40 fix_double_escape(html_escape(html.to_s)) 41 end 42 34 43 private 35 44 def tag_options(options) 36 45 cleaned_options = convert_booleans(options.stringify_keys.reject {|key, value| value.nil?}) 37 ' ' + cleaned_options.map {|key, value| %(#{key}="#{ fix_double_escape(html_escape(value.to_s))}")}.sort * ' ' unless cleaned_options.empty?46 ' ' + cleaned_options.map {|key, value| %(#{key}="#{escape_once(value)}")}.sort * ' ' unless cleaned_options.empty? 38 47 end 39 48 trunk/actionpack/lib/action_view/helpers/url_helper.rb
r4914 r5322 132 132 133 133 html_options.merge!("type" => "submit", "value" => name) 134 135 "<form method=\"#{form_method}\" action=\"#{ hurl}\" class=\"button-to\"><div>" +134 135 "<form method=\"#{form_method}\" action=\"#{escape_once url}\" class=\"button-to\"><div>" + 136 136 method_tag + tag("input", html_options) + "</div></form>" 137 137 end trunk/actionpack/test/template/tag_helper_test.rb
r5321 r5322 40 40 end 41 41 42 def test_escape_once 43 assert_equal '1 < 2 & 3', escape_once('1 < 2 & 3') 44 end 45 42 46 def test_double_escaping_attributes 43 47 ['1&2', '1 < 2', '“test“'].each do |escaped| trunk/actionpack/test/template/url_helper_test.rb
r4914 r5322 37 37 def test_button_to_with_query 38 38 assert_dom_equal "<form method=\"post\" action=\"http://www.example.com/q1=v1&q2=v2\" class=\"button-to\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", button_to("Hello", "http://www.example.com/q1=v1&q2=v2") 39 end 40 41 def test_button_to_with_escaped_query 42 assert_dom_equal "<form method=\"post\" action=\"http://www.example.com/q1=v1&q2=v2\" class=\"button-to\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", button_to("Hello", "http://www.example.com/q1=v1&q2=v2") 39 43 end 40 44
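Review bot: In trunk/actionpack/lib/action_view/helpers/tag_helper.rb, the doc comment example for escape_once does not agree with itself as shown: the input is written with a greater-than sign ("1 > 2 & 3") while the result is written with a less-than sign, and test_escape_once in tag_helper_test.rb uses the less-than sign on both sides. Correct the input in the comment so it matches the test. The comment should also state the trade-off: because the helper leaves anything that already looks like an entity alone, text meant to display a literal entity sequence cannot be expressed through it, and tag_options passes every attribute value through it.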
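Review bot: In trunk/actionpack/lib/action_view/helpers/url_helper.rb, the changed line escapes the url for the action attribute but still interpolates form_method into the method attribute unescaped. Its origin is outside this hunk, so either confirm it can only take fixed values or pass it through escape_once as well. The button_to documentation should also say that an already-escaped URL is accepted and left as is, since that is the behaviour this line introduces.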
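Review bot: test_escape_once in trunk/actionpack/test/template/tag_helper_test.rb checks a single string, so the numeric-entity case the CHANGELOG entry names (&#123;) is not pinned by it. Add cases for a numeric entity, for an ampersand followed by text that is not a complete entity (for example one with the semicolon missing), and for nil or other non-string input, since escape_once calls html.to_s.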
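Review bot: As shown on this page, test_button_to_with_escaped_query in trunk/actionpack/test/template/url_helper_test.rb passes the same URL and expects the same markup as test_button_to_with_query directly above it, so a reader cannot tell the two cases apart. Make the already-escaped input explicit in the new test, and add a case where the URL contains a double quote or an angle bracket so the test also pins that the URL cannot close the action attribute early.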