aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbenmmurphy <benmmurphy@gmail.com>2012-02-22 16:11:03 +0000
committerBen Murphy <benmmurphy@gmail.com>2012-03-11 17:28:02 +0000
commitc8168a7cdcdda114f634e8a429ba7ebac86eaf18 (patch)
tree832afe6d612a8f60fe606b6fa07bc778f8896e5c
parent4d2d0d9906f16a1255e10d55530907318b281c3e (diff)
downloadrails-c8168a7cdcdda114f634e8a429ba7ebac86eaf18.tar.gz
rails-c8168a7cdcdda114f634e8a429ba7ebac86eaf18.tar.bz2
rails-c8168a7cdcdda114f634e8a429ba7ebac86eaf18.zip
ensure u2029 is escaped in escape_javascript helper
-rw-r--r--actionpack/lib/action_view/helpers/javascript_helper.rb4
-rw-r--r--actionpack/test/template/javascript_helper_test.rb2
2 files changed, 5 insertions, 1 deletions
diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb
index ac9e530f01..d88f5babb9 100644
--- a/actionpack/lib/action_view/helpers/javascript_helper.rb
+++ b/actionpack/lib/action_view/helpers/javascript_helper.rb
@@ -14,6 +14,8 @@ module ActionView
}
JS_ESCAPE_MAP["\342\200\250".force_encoding('UTF-8').encode!] = '&#x2028;'
+ JS_ESCAPE_MAP["\342\200\251".force_encoding('UTF-8').encode!] = '&#x2029;'
+
# Escapes carriage returns and single and double quotes for JavaScript segments.
#
@@ -22,7 +24,7 @@ module ActionView
# $('some_element').replaceWith('<%=j render 'some/element_template' %>');
def escape_javascript(javascript)
if javascript
- result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] }
+ result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] }
javascript.html_safe? ? result.html_safe : result
else
''
diff --git a/actionpack/test/template/javascript_helper_test.rb b/actionpack/test/template/javascript_helper_test.rb
index 9441bd6b38..64898f7ad1 100644
--- a/actionpack/test/template/javascript_helper_test.rb
+++ b/actionpack/test/template/javascript_helper_test.rb
@@ -28,6 +28,8 @@ class JavaScriptHelperTest < ActionView::TestCase
assert_equal %(backslash\\\\test), escape_javascript( %(backslash\\test) )
assert_equal %(dont <\\/close> tags), escape_javascript(%(dont </close> tags))
assert_equal %(unicode &#x2028; newline), escape_javascript(%(unicode \342\200\250 newline).force_encoding('UTF-8').encode!)
+ assert_equal %(unicode &#x2029; newline), escape_javascript(%(unicode \342\200\251 newline).force_encoding('UTF-8').encode!)
+
assert_equal %(dont <\\/close> tags), j(%(dont </close> tags))
end