Fixed that single quote was not escaped in a UrlHelper#link_to javascript confirm #549 [Scott Barron]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@837 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
author: David Heinemeier Hansson <david@loudthinking.com> 2005-03-06 12:07:13 +0000
committer: David Heinemeier Hansson <david@loudthinking.com> 2005-03-06 12:07:13 +0000
commit: 25b656fefa75954cffff119a14cf7650f4f99a92 (patch)
tree: f61ce9d31d432a7c25284509b8309c270ebe2775 /actionpack/lib
parent: eb5ca2ea5ff55e2f6a49580afab5e0ddd0b2bf11 (diff)
download: rails-25b656fefa75954cffff119a14cf7650f4f99a92.tar.gz
rails-25b656fefa75954cffff119a14cf7650f4f99a92.tar.bz2
rails-25b656fefa75954cffff119a14cf7650f4f99a92.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
index 6c5e338e54..7acfb6407a 100644
--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -138,7 +138,7 @@ module ActionView
       private
         def convert_confirm_option_to_javascript!(html_options)
           if confirm = html_options.delete("confirm")
-            html_options["onclick"] = "return confirm('#{confirm}');"
+            html_options["onclick"] = "return confirm('#{confirm.gsub(/'/, '\\\\\'')}');"
           end
         end
     end
author	David Heinemeier Hansson <david@loudthinking.com>	2005-03-06 12:07:13 +0000
committer	David Heinemeier Hansson <david@loudthinking.com>	2005-03-06 12:07:13 +0000
commit	25b656fefa75954cffff119a14cf7650f4f99a92 (patch)
tree	f61ce9d31d432a7c25284509b8309c270ebe2775 /actionpack/lib
parent	eb5ca2ea5ff55e2f6a49580afab5e0ddd0b2bf11 (diff)
download	rails-25b656fefa75954cffff119a14cf7650f4f99a92.tar.gz rails-25b656fefa75954cffff119a14cf7650f4f99a92.tar.bz2 rails-25b656fefa75954cffff119a14cf7650f4f99a92.zip