diff options
| author | Sam Elliott <sam@lenary.co.uk> | 2010-04-16 23:24:57 +0100 |
|---|---|---|
| committer | Carl Lerche <carllerche@mac.com> | 2010-04-16 15:53:55 -0700 |
| commit | c16c248912e4ae3b6a64e6acdbf1a1e0dd2feb26 (patch) | |
| tree | 5f021a613464f19150f818422efe9fbdee614361 | |
| parent | ac015b1d07241f9702af41b079d27985c9b9a20f (diff) | |
| download | rails-c16c248912e4ae3b6a64e6acdbf1a1e0dd2feb26.tar.gz rails-c16c248912e4ae3b6a64e6acdbf1a1e0dd2feb26.tar.bz2 rails-c16c248912e4ae3b6a64e6acdbf1a1e0dd2feb26.zip | |
mail_to with :encode => :javascript now outputs safe html
Signed-off-by: Carl Lerche <carllerche@mac.com>
| -rw-r--r-- | actionpack/lib/action_view/helpers/url_helper.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/template/url_helper_test.rb | 8 |
2 files changed, 7 insertions, 3 deletions
diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb index 0b748d700b..4ffc5ea127 100644 --- a/actionpack/lib/action_view/helpers/url_helper.rb +++ b/actionpack/lib/action_view/helpers/url_helper.rb @@ -504,7 +504,7 @@ module ActionView "document.write('#{content_tag("a", name || email_address_obfuscated.html_safe, html_options.merge({ "href" => "mailto:"+email_address+extras }))}');".each_byte do |c| string << sprintf("%%%x", c) end - "<script type=\"#{Mime::JS}\">eval(decodeURIComponent('#{string}'))</script>" + "<script type=\"#{Mime::JS}\">eval(decodeURIComponent('#{string}'))</script>".html_safe elsif encode == "hex" email_address_encoded = '' email_address_obfuscated.each_byte do |c| diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb index de63030714..4474949749 100644 --- a/actionpack/test/template/url_helper_test.rb +++ b/actionpack/test/template/url_helper_test.rb @@ -356,11 +356,15 @@ class UrlHelperTest < ActiveSupport::TestCase end def test_mail_to_with_javascript - assert_dom_equal "<script type=\"text/javascript\">eval(decodeURIComponent('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d%22%3e%4d%79%20%65%6d%61%69%6c%3c%2f%61%3e%27%29%3b'))</script>", mail_to("me@domain.com", "My email", :encode => "javascript") + snippet = mail_to("me@domain.com", "My email", :encode => "javascript") + assert_dom_equal "<script type=\"text/javascript\">eval(decodeURIComponent('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d%22%3e%4d%79%20%65%6d%61%69%6c%3c%2f%61%3e%27%29%3b'))</script>", snippet + assert snippet.html_safe? end def test_mail_to_with_javascript_unicode - assert_dom_equal "<script type=\"text/javascript\">eval(decodeURIComponent('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%75%6e%69%63%6f%64%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%22%3e%c3%ba%6e%69%63%6f%64%65%3c%2f%61%3e%27%29%3b'))</script>", mail_to("unicode@example.com", "Ășnicode", :encode => "javascript") + snippet = mail_to("unicode@example.com", "Ășnicode", :encode => "javascript") + assert_dom_equal "<script type=\"text/javascript\">eval(decodeURIComponent('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%75%6e%69%63%6f%64%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%22%3e%c3%ba%6e%69%63%6f%64%65%3c%2f%61%3e%27%29%3b'))</script>", snippet + assert snippet.html_safe end def test_mail_with_options |