Ruby on Rails | Screencasts | Download | Documentation | Weblog | Community | Source

Ticket #8546 (closed defect: fixed)

Opened 1 year ago

Last modified 6 months ago

[PATCH] RJS redirect_to inappropriately html-escapes a string argument

Reported by: eventualbuddha Assigned to: bitsweat
Priority: normal Milestone: 2.x
Component: ActionPack Version: edge
Severity: minor Keywords: prototype_helper
Cc:

Description

When passing redirect_to an argument it delegates the responsibility of dealing with it to url_for, which currently thinks of things from an HTML-centric viewpoint, assuming that it should html-escape strings. In RJS, this is not the case. An included failing test demonstrates that 

http://www.example.com/welcome?a=b&c=d

is inappropriately converted to 

http://www.example.com/welcome?a=b&c=d

when using redirect_to in RJS, causing the site to wrongly parse the querystring parameters. I don't have time to make a proper fix right now, but if no one else takes it up I'll get to it in a few days.

Attachments

javascript-redirect-to-html-escapes-when-it-should-not.diff (0.6 kB) - added by eventualbuddha on 06/01/07 17:47:04.
dont_escape_redirect_urls.diff (2.5 kB) - added by josh on 06/16/07 04:11:34.

Change History

06/01/07 17:47:04 changed by eventualbuddha

  • attachment javascript-redirect-to-html-escapes-when-it-should-not.diff added.

06/16/07 01:05:49 changed by josh

  • keywords set to prototype_helper.
  • owner changed from core to bitsweat.
  • severity changed from normal to minor.
  • summary changed from RJS redirect_to inappropriately html-escapes a string argument to [PATCH] RJS redirect_to inappropriately html-escapes a string argument.

I got the patch, but Trac won't let me post it at the minute. Will try again later. (Temp patch)

I added tests for the normal http redirects to ensure that also aren't escape the url and they do pass.

06/16/07 04:11:34 changed by josh

  • attachment dont_escape_redirect_urls.diff added.

04/02/08 12:49:02 changed by pratik

  • status changed from new to closed.
  • resolution set to fixed.

(In [9212]) Ensure RJS redirect_to doesn't html-escapes string argument. Closes #8546