author | Rick Olson <technoweenie@gmail.com> | 2006-10-18 15:58:07 +0000 |
---|---|---|
committer | Rick Olson <technoweenie@gmail.com> | 2006-10-18 15:58:07 +0000 |
commit | 02358c83b76f9fc56b6cabaee24b244d17d08cff (patch) | |
tree | 88b5b9b207163e5d5ceb48e6e7c672c78dc65d91 /actionpack | |
parent | a0f74092a8fa1eff96de67b70c711fd8408a4ab5 (diff) | |
Fix double-escaped entities, such as &amp;, &#123;, etc. [Rick]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@5321 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/CHANGELOG | 2 | ||||
-rw-r--r-- | actionpack/lib/action_view/helpers/tag_helper.rb | 7 | ||||
-rw-r--r-- | actionpack/test/template/tag_helper_test.rb | 12 |
3 files changed, 20 insertions, 1 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 91b786eb59..1993fcf41c 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
 
+* Fix double-escaped entities, such as &amp;, &#123;, etc. [Rick]
+
 * Fix deprecation warnings when rendering the template error template. [Nicholas Seckar]
 
 * Fix routing to correctly determine when generation fails. Closes #6300. [psross].
diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb
index 6c71b8b767..6001b21e63 100644
--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -34,7 +34,7 @@ module ActionView
 private
 def tag_options(options)
 cleaned_options = convert_booleans(options.stringify_keys.reject {|key, value| value.nil?})
- ' ' + cleaned_options.map {|key, value| %(#{key}="#{html_escape(value.to_s)}")}.sort * ' ' unless cleaned_options.empty?
+ ' ' + cleaned_options.map {|key, value| %(#{key}="#{fix_double_escape(html_escape(value.to_s))}")}.sort * ' ' unless cleaned_options.empty?
 end
 
 def convert_booleans(options)
@@ -45,6 +45,11 @@ module ActionView
 def boolean_attribute(options, attribute)
 options[attribute] ? options[attribute] = attribute : options.delete(attribute)
 end
+
+ # Fix double-escaped entities, such as &amp;, &#123;, etc.
+ def fix_double_escape(escaped)
+ escaped.gsub(/&([a-z]+|(#\d+));/i) { "&#{$1};" }
+ end
 end
 end
 end
diff --git a/actionpack/test/template/tag_helper_test.rb b/actionpack/test/template/tag_helper_test.rb
index b45be96959..8611f4c9bd 100644
--- a/actionpack/test/template/tag_helper_test.rb
+++ b/actionpack/test/template/tag_helper_test.rb
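Review bot: Per its comment, `fix_double_escape` undoes the escaping that `html_escape` applied to any `&name;` or `&#digits;` reference, so in `tag_options` an attribute value that came from a user now reaches the browser with its entity references live rather than as literal text. That matters for attributes such as `href`, where the browser decodes numeric references before interpreting the value, so a scheme or keyword check done upstream on the raw string no longer describes what the browser sees. The pattern also accepts any `[a-z]+` name rather than known entities, does not cover hexadecimal references (`&#x…;`), and its inner capture group `(#\d+)` is never used. I would at least state the trust assumption above the helper, e.g. `# Values are treated as already entity-encoded HTML; validate untrusted input on its decoded form before passing it to tag().`, and consider making the behaviour opt-in instead of applying it to every attribute. The regex as rendered on this page appears to have had its `&amp;` decoded, so the exact pattern should be confirmed against the repository.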
@@ -38,4 +38,16 @@ class TagHelperTest < Test::Unit::TestCase
 def test_cdata_section
 assert_equal "<![CDATA[<hello world>]]>", cdata_section("<hello world>")
 end
+
+ def test_double_escaping_attributes
+ ['1&2', '1 < 2', '“test“'].each do |escaped|
+ assert_equal %(<a href="#{escaped}" />), tag('a', :href => escaped)
+ end
+ end
+
+ def test_skip_invalid_escaped_attributes
+ ['&1;', 'dfa3;', '& #123;'].each do |escaped|
+ assert_equal %(<a href="#{escaped.gsub /&/, '&'}" />), tag('a', :href => escaped)
+ end
+ end
 end |
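Review bot: Neither new test pins that a value mixing an entity reference with a raw `"` still has the quote escaped after `fix_double_escape` runs; as rendered, none of the six sample values contains a quote character, so a regression that un-escapes too much would pass unnoticed. Adding one such value to `test_double_escaping_attributes` would cover the attribute-boundary case. In `test_skip_invalid_escaped_attributes`, the call `escaped.gsub /&/, '&'` passes a regex literal without parentheses, which Ruby reports as an ambiguous first argument under warnings; wrapping the arguments in parentheses avoids that. The string literals on this page look entity-decoded by the renderer, so the expected values should be read from the repository rather than from here.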