diff options
| author | benmmurphy <benmmurphy@gmail.com> | 2012-02-22 16:11:03 +0000 |
|---|---|---|
| committer | Ben Murphy <benmmurphy@gmail.com> | 2012-03-11 17:28:02 +0000 |
| commit | c8168a7cdcdda114f634e8a429ba7ebac86eaf18 (patch) | |
| tree | 832afe6d612a8f60fe606b6fa07bc778f8896e5c /actionpack/lib/action_view | |
| parent | 4d2d0d9906f16a1255e10d55530907318b281c3e (diff) | |
| download | rails-c8168a7cdcdda114f634e8a429ba7ebac86eaf18.tar.gz rails-c8168a7cdcdda114f634e8a429ba7ebac86eaf18.tar.bz2 rails-c8168a7cdcdda114f634e8a429ba7ebac86eaf18.zip | |
ensure u2029 is escaped in escape_javascript helper
Diffstat (limited to 'actionpack/lib/action_view')
| -rw-r--r-- | actionpack/lib/action_view/helpers/javascript_helper.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb index ac9e530f01..d88f5babb9 100644 --- a/actionpack/lib/action_view/helpers/javascript_helper.rb +++ b/actionpack/lib/action_view/helpers/javascript_helper.rb @@ -14,6 +14,8 @@ module ActionView } JS_ESCAPE_MAP["\342\200\250".force_encoding('UTF-8').encode!] = '
' + JS_ESCAPE_MAP["\342\200\251".force_encoding('UTF-8').encode!] = '
' + # Escapes carriage returns and single and double quotes for JavaScript segments. # @@ -22,7 +24,7 @@ module ActionView # $('some_element').replaceWith('<%=j render 'some/element_template' %>'); def escape_javascript(javascript) if javascript - result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] } + result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] } javascript.html_safe? ? result.html_safe : result else '' |