-rw-r--r-- | actionpack/CHANGELOG | 2 | ||||
-rw-r--r-- | actionpack/lib/action_view/helpers/javascript_helper.rb | 7 | ||||
-rw-r--r-- | actionpack/test/template/javascript_helper.rb | 9 |
3 files changed, 15 insertions, 3 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 5e3bf1d00b..ba3c4bd485 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
+* Added JavascriptHelper#escape_javascript as a public method (was private) and made it escape both single and double quotes and new lines #940 [mortonda@dgrmm.net]
+
 * Added trailing_slash option to url_for, so you can generate urls ending in a slash. Note that is currently not recommended unless you need it for special reasons since it breaks caching #937 [stian@grytoyr.net]
 * Added expire_matched_fragments(regular_expression) to clear out a lot of fragment caches at once #927 [technoweenie@gmail.com]
diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb
index d5630bcdfe..5a07ebdc6e 100644
--- a/actionpack/lib/action_view/helpers/javascript_helper.rb
+++ b/actionpack/lib/action_view/helpers/javascript_helper.rb
@@ -148,11 +148,12 @@ module ActionView
 build_observer('Form.Observer', form_id, options)
 end
- private
+ # Escape carrier returns and single and double quotes for Javascript segments.
 def escape_javascript(javascript)
- (javascript || '').gsub('"', '\"')
+ (javascript || '').gsub(/\r\n|\n|\r/, "\\n").gsub(/["']/) { |m| "\\#{m}" }
 end
-
+
+ private
 def options_for_ajax(options)
 js_options = build_callbacks(options)
diff --git a/actionpack/test/template/javascript_helper.rb b/actionpack/test/template/javascript_helper.rb
new file mode 100644
index 0000000000..39f02e90bf
--- /dev/null
+++ b/actionpack/test/template/javascript_helper.rb
@@ -0,0 +1,9 @@
+require File.dirname(__FILE__) + '/../abstract_unit'
+
+class JavascriptHelperTest < Test::Unit::TestCase
+ include ActionView::Helpers::JavascriptHelper
+
+ def test_escape_javascript
+ assert_equal %(This \\"thing\\" is really\\n netos\\'), escape_javascript(%(This "thing" is really\n netos'))
+ end
+end |
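Review bot: `escape_javascript` escapes quotes and line breaks but leaves backslashes untouched, so a value that already contains a backslash directly before a quote comes out as an escaped backslash followed by a bare quote, and the JavaScript string literal the caller builds ends early. Now that the helper is public and will be called on arbitrary view data, backslashes should be doubled before the other substitutions: `(javascript || '').gsub('\\') { '\\\\' }.gsub(/\r\n|\n|\r/, "\\n").gsub(/["']/) { |m| "\\#{m}" }`. The output is also only safe inside a quoted JavaScript string; when that string sits in an inline `<script>` block a literal `</script>` in the value would still close the element, which deserves a sentence in the doc comment (which should also read "carriage returns"). The call sites that pass data to this helper are outside the hunk.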
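Review bot: The single assertion in `test_escape_javascript` exercises only `\n` and the two quote characters, so the `\r\n` and bare `\r` branches of the new regexp, the `nil` guard and backslash input are untested. I would add `assert_equal '', escape_javascript(nil)` and `assert_equal %(a\\nb\\nc), escape_javascript(%(a\r\nb\rc))`, plus a case with a backslash before a quote once the helper handles it. The file is also named `javascript_helper.rb`; if the test task globs for `*_test.rb` (not visible on this page), it will not be picked up and should be renamed `javascript_helper_test.rb`.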