-rw-r--r--actionpack/CHANGELOG2
-rw-r--r--actionpack/lib/action_view/helpers/url_helper.rb2
-rw-r--r--actionpack/test/template/url_helper_test.rb4
3 files changed, 7 insertions, 1 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index dca6e65f46..a319ba5770 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* Fixed that single quote was not escaped in a UrlHelper#link_to javascript confirm #549 [Scott Barron]
+
* Removed the default border on link_image_to (it broke xhtml strict) -- can be specified with :border => 0 #517 [?/caleb]
* Fixed that form helpers would treat string and symbol keys differently in html_options (and possibly create duplicate entries) #112 [bitsweat]
diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
index 6c5e338e54..7acfb6407a 100644
--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -138,7 +138,7 @@ module ActionView
private
def convert_confirm_option_to_javascript!(html_options)
if confirm = html_options.delete("confirm")
- html_options["onclick"] = "return confirm('#{confirm}');"
+ html_options["onclick"] = "return confirm('#{confirm.gsub(/'/, '\\\\\'')}');"
end
end
end
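Review bot: The `gsub` added on the `onclick` line escapes only `'`, so a backslash already present in the confirm text is passed through unchanged and can still end the JavaScript string literal early, for example when the text contains `\'` or ends in `\`. Escaping the backslash in the same pass closes that gap: `escaped = confirm.gsub(/['\\]/) { |c| "\\#{c}" }` followed by `html_options["onclick"] = "return confirm('#{escaped}');"`. The block form also avoids the replacement-string backslash rules that make `'\\\\\''` hard to read. Whether a `"` in the text can close the `onclick` attribute depends on how `html_options` values are HTML-escaped when the tag is rendered, which is outside this hunk and should be confirmed. The new assertion in url_helper_test.rb covers only the apostrophe case, so a case with a backslash and one with a double quote would pin the behaviour.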
diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb
index 47241bd09f..a38a259167 100644
--- a/actionpack/test/template/url_helper_test.rb
+++ b/actionpack/test/template/url_helper_test.rb
@@ -27,6 +27,10 @@ class UrlHelperTest < Test::Unit::TestCase
"<a href=\"http://www.world.com\" onclick=\"return confirm('Are you sure?');\">Hello</a>",
link_to("Hello", "http://www.world.com", :confirm => "Are you sure?")
)
+ assert_equal(
+ "<a href=\"http://www.world.com\" onclick=\"return confirm('You can\\'t possibly be sure, can you?');\">Hello</a>",
+ link_to("Hello", "http://www.world.com", :confirm => "You can't possibly be sure, can you?")
+ )
end
def test_link_image_to