Don't double-escape url_for in views. Closes #8144.

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6942 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

3 files changed, 8 insertions, 1 deletions

diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index fe81c8366b..5601199b10 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
 
+* Don't double-escape url_for in views.  #8144 [Rich Collins, Josh Peek]
+
 * Allow JSON-style values for the :with option of observe_field.  Closes #8557 [kommen]
 
 * Remove RAILS_ROOT from backtrace paths.  #8540 [Tim Pope]
diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
index d22a1464a0..1fa9939d0e 100644
--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -78,7 +78,7 @@ module ActionView
           url    = polymorphic_path(options)
         end
 
-        escape ? html_escape(url) : url
+        escape ? escape_once(url) : url
       end
 
       # Creates a link tag of the given +name+ using a URL created by the set
diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb
index 1762015d9d..43ec8ca0d3 100644
--- a/actionpack/test/template/url_helper_test.rb
+++ b/actionpack/test/template/url_helper_test.rb
@@ -25,6 +25,11 @@ class UrlHelperTest < Test::Unit::TestCase
     assert_equal "http://www.example.com?a=b&c=d", url_for(:a => 'b', :c => 'd', :escape => false)
   end
 
+  def test_url_for_escapes_url_once
+    @controller.url = "http://www.example.com?a=b&amp;c=d"
+    assert_equal "http://www.example.com?a=b&amp;c=d", url_for("http://www.example.com?a=b&amp;c=d")
+  end
+
   # todo: missing test cases
   def test_button_to_with_straight_url
     assert_dom_equal "<form method=\"post\" action=\"http://www.example.com\" class=\"button-to\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", button_to("Hello", "http://www.example.com")