diff options
| author | Aaron Patterson <aaron.patterson@gmail.com> | 2012-03-12 10:09:34 -0700 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2012-03-12 10:09:34 -0700 |
| commit | dea486d00ed8b9beec767324dfd15bec72d8a1ca (patch) | |
| tree | e4a851f32a9c6bae53e0d7703a14b41593eb849b /actionpack/lib/action_view | |
| parent | 2b0558585fa495e61e67f4226aa3ba2eb7771106 (diff) | |
| parent | c8168a7cdcdda114f634e8a429ba7ebac86eaf18 (diff) | |
| download | rails-dea486d00ed8b9beec767324dfd15bec72d8a1ca.tar.gz rails-dea486d00ed8b9beec767324dfd15bec72d8a1ca.tar.bz2 rails-dea486d00ed8b9beec767324dfd15bec72d8a1ca.zip | |
Merge pull request #5380 from benmmurphy/escape_unicode_paragraph_separator
ensure u2029 is escaped in escape_javascript helper
Diffstat (limited to 'actionpack/lib/action_view')
| -rw-r--r-- | actionpack/lib/action_view/helpers/javascript_helper.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb index ac9e530f01..d88f5babb9 100644 --- a/actionpack/lib/action_view/helpers/javascript_helper.rb +++ b/actionpack/lib/action_view/helpers/javascript_helper.rb @@ -14,6 +14,8 @@ module ActionView } JS_ESCAPE_MAP["\342\200\250".force_encoding('UTF-8').encode!] = '
' + JS_ESCAPE_MAP["\342\200\251".force_encoding('UTF-8').encode!] = '
' + # Escapes carriage returns and single and double quotes for JavaScript segments. # @@ -22,7 +24,7 @@ module ActionView # $('some_element').replaceWith('<%=j render 'some/element_template' %>'); def escape_javascript(javascript) if javascript - result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] } + result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] } javascript.html_safe? ? result.html_safe : result else '' |