author | David Heinemeier Hansson <david@loudthinking.com> | 2007-09-22 18:31:44 +0000 |
---|---|---|
committer | David Heinemeier Hansson <david@loudthinking.com> | 2007-09-22 18:31:44 +0000 |
commit | da5d8fa6ad1b3ba6fcaaf81acbfff17b177f9964 (patch) | |
tree | c3c568730768c6fba130ecbe7544eed1d2f50fc1 /actionpack | |
parent | 9809dc4540e17d98c10f90a6ef4131cd712fb8b2 (diff) | |
Fixed JavaScriptHelper#escape_javascript to also escape closing tags (closes #8023) [rubyruy]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7567 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/CHANGELOG | 2 | ||||
-rw-r--r-- | actionpack/lib/action_view/helpers/javascript_helper.rb | 2 | ||||
-rw-r--r-- | actionpack/test/template/javascript_helper_test.rb | 1 |
3 files changed, 4 insertions, 1 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 0835258d5e..c27933445a 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
 
+* Fixed JavaScriptHelper#escape_javascript to also escape closing tags #8023 [rubyruy]
+
 * Fixed TextHelper#word_wrap for multiline strings with extra carrier returns #8663 [seth]
 
 * Fixed that setting the :host option in url_for would automatically turn off :only_path (since :host would otherwise not be shown) #9586 [Bounga]
diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb
index 45a5791efe..8e7542e206 100644
--- a/actionpack/lib/action_view/helpers/javascript_helper.rb
+++ b/actionpack/lib/action_view/helpers/javascript_helper.rb
@@ -149,7 +149,7 @@ module ActionView
 
 # Escape carrier returns and single and double quotes for JavaScript segments.
 def escape_javascript(javascript)
- (javascript || '').gsub('\\','\0\0').gsub(/\r\n|\n|\r/, "\\n").gsub(/["']/) { |m| "\\#{m}" }
+ (javascript || '').gsub('\\','\0\0').gsub('</','<\/').gsub(/\r\n|\n|\r/, "\\n").gsub(/["']/) { |m| "\\#{m}" }
 end
 
 # Returns a JavaScript tag with the +content+ inside. Example:
diff --git a/actionpack/test/template/javascript_helper_test.rb b/actionpack/test/template/javascript_helper_test.rb
index ec6a02ba45..76a46e8504 100644
--- a/actionpack/test/template/javascript_helper_test.rb
+++ b/actionpack/test/template/javascript_helper_test.rb
@@ -21,6 +21,7 @@ class JavaScriptHelperTest < Test::Unit::TestCase
 assert_equal '', escape_javascript(nil)
 assert_equal %(This \\"thing\\" is really\\n netos\\'), escape_javascript(%(This "thing" is really\n netos'))
 assert_equal %(backslash\\\\test), escape_javascript( %(backslash\\test) )
+ assert_equal %(dont <\\/close> tags), escape_javascript(%(dont </close> tags))
 end
 
 def test_link_to_function
|
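Review bot: The newline pass in `escape_javascript` still matches only `\r\n`, `\n` and `\r`, so U+2028 and U+2029, which JavaScript engines of this period treat as line terminators inside string literals, pass through unescaped and can still break the surrounding literal after the new `</` replacement. Consider mapping those two code points to an escaped form in the same chain and adding an assertion for them beside the `</close>` one in javascript_helper_test.rb. The comment above the method no longer matches what it does; something like `# Escapes backslashes, closing tags (</), carrier returns and single and double quotes for use inside a quoted JavaScript string.` would state the contract. It is also worth documenting that the result is only safe inside a quoted string in a script block: in an HTML attribute such as an event handler, the value still needs HTML escaping, because entities are decoded before the script is parsed.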