-rw-r--r-- | actionpack/test/template/erb_util_test.rb | 2 | ||||
-rw-r--r-- | actionpack/test/template/form_options_helper_test.rb | 2 | ||||
-rw-r--r-- | actionpack/test/template/form_tag_helper_test.rb | 2 | ||||
-rw-r--r-- | actionpack/test/template/javascript_helper_test.rb | 10 | ||||
-rw-r--r-- | actionpack/test/template/text_helper_test.rb | 2 | ||||
-rw-r--r-- | actionpack/test/template/url_helper_test.rb | 2 | ||||
-rw-r--r-- | activesupport/CHANGELOG.md | 2 | ||||
-rw-r--r-- | activesupport/lib/active_support/core_ext/string/output_safety.rb | 2 | ||||
-rw-r--r-- | activesupport/test/core_ext/string_ext_test.rb | 2 | ||||
-rw-r--r-- | railties/test/application/assets_test.rb | 4 |
10 files changed, 16 insertions, 14 deletions
diff --git a/actionpack/test/template/erb_util_test.rb b/actionpack/test/template/erb_util_test.rb index f1cb920963..3e5b029cea 100644 --- a/actionpack/test/template/erb_util_test.rb +++ b/actionpack/test/template/erb_util_test.rb @@ -45,7 +45,7 @@ class ErbUtilTest < ActiveSupport::TestCase end def test_html_escape_once - assert_equal '1 <>&"' 2 & 3', html_escape_once('1 <>&"\' 2 & 3') + assert_equal '1 <>&"' 2 & 3', html_escape_once('1 <>&"\' 2 & 3') end def test_html_escape_once_returns_unsafe_strings_when_passed_unsafe_strings diff --git a/actionpack/test/template/form_options_helper_test.rb b/actionpack/test/template/form_options_helper_test.rb index f908de865e..54ab8b4d3a 100644 --- a/actionpack/test/template/form_options_helper_test.rb +++ b/actionpack/test/template/form_options_helper_test.rb @@ -1124,7 +1124,7 @@ class FormOptionsHelperTest < ActionView::TestCase def test_options_for_select_with_element_attributes assert_dom_equal( - "<option value=\"<Denmark>\" class=\"bold\"><Denmark></option>\n<option value=\"USA\" onclick=\"alert('Hello World');\">USA</option>\n<option value=\"Sweden\">Sweden</option>\n<option value=\"Germany\">Germany</option>", + "<option value=\"<Denmark>\" class=\"bold\"><Denmark></option>\n<option value=\"USA\" onclick=\"alert('Hello World');\">USA</option>\n<option value=\"Sweden\">Sweden</option>\n<option value=\"Germany\">Germany</option>", options_for_select([ [ "<Denmark>", { :class => 'bold' } ], [ "USA", { :onclick => "alert('Hello World');" } ], [ "Sweden" ], "Germany" ]) ) end diff --git a/actionpack/test/template/form_tag_helper_test.rb b/actionpack/test/template/form_tag_helper_test.rb index 3c66a29754..945dff2a29 100644 --- a/actionpack/test/template/form_tag_helper_test.rb +++ b/actionpack/test/template/form_tag_helper_test.rb 
@@ -391,7 +391,7 @@ class FormTagHelperTest < ActionView::TestCase def test_submit_tag assert_dom_equal( - %(<input name='commit' data-disable-with="Saving..." onclick="alert('hello!')" type="submit" value="Save" />), + %(<input name='commit' data-disable-with="Saving..." onclick="alert('hello!')" type="submit" value="Save" />), submit_tag("Save", :onclick => "alert('hello!')", :data => { :disable_with => "Saving..." }) ) end diff --git a/actionpack/test/template/javascript_helper_test.rb b/actionpack/test/template/javascript_helper_test.rb index 4a9a382afa..58784c26fa 100644 --- a/actionpack/test/template/javascript_helper_test.rb +++ b/actionpack/test/template/javascript_helper_test.rb @@ -44,14 +44,14 @@ class JavaScriptHelperTest < ActionView::TestCase def test_button_to_function assert_deprecated "button_to_function is deprecated and will be removed from Rails 4.1. Use Unobtrusive JavaScript instead." do - assert_dom_equal %(<input type="button" onclick="alert('Hello world!');" value="Greeting" />), + assert_dom_equal %(<input type="button" onclick="alert('Hello world!');" value="Greeting" />), button_to_function("Greeting", "alert('Hello world!')") end end def test_button_to_function_with_onclick assert_deprecated "button_to_function is deprecated and will be removed from Rails 4.1. Use Unobtrusive JavaScript instead." do - assert_dom_equal "<input onclick=\"alert('Goodbye World :('); alert('Hello world!');\" type=\"button\" value=\"Greeting\" />", + assert_dom_equal "<input onclick=\"alert('Goodbye World :('); alert('Hello world!');\" type=\"button\" value=\"Greeting\" />", button_to_function("Greeting", "alert('Hello world!')", :onclick => "alert('Goodbye World :(')") end end 
@@ -65,21 +65,21 @@ class JavaScriptHelperTest < ActionView::TestCase def test_link_to_function assert_deprecated "link_to_function is deprecated and will be removed from Rails 4.1. Use Unobtrusive JavaScript instead." do - assert_dom_equal %(<a href="#" onclick="alert('Hello world!'); return false;">Greeting</a>), + assert_dom_equal %(<a href="#" onclick="alert('Hello world!'); return false;">Greeting</a>), link_to_function("Greeting", "alert('Hello world!')") end end def test_link_to_function_with_existing_onclick assert_deprecated "link_to_function is deprecated and will be removed from Rails 4.1. Use Unobtrusive JavaScript instead." do - assert_dom_equal %(<a href="#" onclick="confirm('Sanity!'); alert('Hello world!'); return false;">Greeting</a>), + assert_dom_equal %(<a href="#" onclick="confirm('Sanity!'); alert('Hello world!'); return false;">Greeting</a>), link_to_function("Greeting", "alert('Hello world!')", :onclick => "confirm('Sanity!')") end end def test_function_with_href assert_deprecated "link_to_function is deprecated and will be removed from Rails 4.1. Use Unobtrusive JavaScript instead." do - assert_dom_equal %(<a href="http://example.com/" onclick="alert('Hello world!'); return false;">Greeting</a>), + assert_dom_equal %(<a href="http://example.com/" onclick="alert('Hello world!'); return false;">Greeting</a>), link_to_function("Greeting", "alert('Hello world!')", :href => 'http://example.com/') end end diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb index 4525efe73c..412d13bb2b 100644 --- a/actionpack/test/template/text_helper_test.rb +++ b/actionpack/test/template/text_helper_test.rb 
@@ -149,7 +149,7 @@ class TextHelperTest < ActionView::TestCase end def test_truncate_with_block_should_escape_the_block - assert_equal "Here is a long test and ...<script>alert('foo');</script>", + assert_equal "Here is a long test and ...<script>alert('foo');</script>", truncate("Here is a long test and I need a continue to read link", :length => 27) { "<script>alert('foo');</script>" } end diff --git a/actionpack/test/template/url_helper_test.rb b/actionpack/test/template/url_helper_test.rb index 9c4271f19b..134177d74d 100644 --- a/actionpack/test/template/url_helper_test.rb +++ b/actionpack/test/template/url_helper_test.rb @@ -244,7 +244,7 @@ class UrlHelperTest < ActiveSupport::TestCase def test_link_tag_with_custom_onclick link = link_to("Hello", "http://www.example.com", :onclick => "alert('yay!')") - expected = %{<a href="http://www.example.com" onclick="alert('yay!')">Hello</a>} + expected = %{<a href="http://www.example.com" onclick="alert('yay!')">Hello</a>} assert_dom_equal expected, link end diff --git a/activesupport/CHANGELOG.md b/activesupport/CHANGELOG.md index 47280c3dc8..3914f4dc4c 100644 --- a/activesupport/CHANGELOG.md +++ b/activesupport/CHANGELOG.md @@ -1,5 +1,7 @@ ## Rails 4.0.0 (unreleased) ## +* `ERB::Util.html_escape` encodes single quote as `#39`. Decimal form has better support in old browsers. *Kalys Osmonov* + * `ActiveSupport::Callbacks`: deprecate monkey patch of object callbacks. Using the #filter method like this: diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb index dad4b29d46..999b715981 100644 --- a/activesupport/lib/active_support/core_ext/string/output_safety.rb +++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb 
@@ -3,7 +3,7 @@ require 'active_support/core_ext/kernel/singleton_class' class ERB module Util - HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"', "'" => ''' } + HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"', "'" => ''' } JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' } HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+));)/ JSON_ESCAPE_REGEXP = /[&"><]/ diff --git a/activesupport/test/core_ext/string_ext_test.rb b/activesupport/test/core_ext/string_ext_test.rb index dc5ae0eafc..6720ed42f0 100644 --- a/activesupport/test/core_ext/string_ext_test.rb +++ b/activesupport/test/core_ext/string_ext_test.rb @@ -500,7 +500,7 @@ class OutputSafetyTest < ActiveSupport::TestCase test "ERB::Util.html_escape should escape unsafe characters" do string = '<>&"\'' - expected = '<>&"'' + expected = '<>&"'' assert_equal expected, ERB::Util.html_escape(string) end diff --git a/railties/test/application/assets_test.rb b/railties/test/application/assets_test.rb index c29fa4d95f..9c402fab02 100644 --- a/railties/test/application/assets_test.rb +++ b/railties/test/application/assets_test.rb @@ -241,7 +241,7 @@ module ApplicationTests get '/posts' assert_match(/AssetNotPrecompiledError/, last_response.body) - assert_match(/app.js isn't precompiled/, last_response.body) + assert_match(/app.js isn't precompiled/, last_response.body) end test "assets raise AssetNotPrecompiledError when manifest file is present and requested file isn't precompiled if digest is disabled" do @@ -265,7 +265,7 @@ module ApplicationTests get '/posts' assert_match(/AssetNotPrecompiledError/, last_response.body) - assert_match(/app.js isn't precompiled/, last_response.body) + assert_match(/app.js isn't precompiled/, last_response.body) end test "precompile properly refers files referenced with asset_path and and run in the provided RAILS_ENV" do |
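Review bot: Nothing in this commit pins the interaction between the new apostrophe encoding in `HTML_ESCAPE` and `HTML_ESCAPE_ONCE_REGEXP` two lines below it, whose negative lookahead only treats named and decimal references (`#\d+`) as already escaped. Going by the CHANGELOG entry the apostrophe now becomes the decimal `&#39;`, which that lookahead accepts, so `html_escape_once` should leave `html_escape` output untouched; a test such as `assert_equal html_escape("'"), html_escape_once(html_escape("'"))` in `erb_util_test.rb` would lock that in. Hexadecimal references arriving from other sources are still re-escaped with a leading `&amp;`; if that is not intended, the lookahead could be widened to `(#\d+)|(#[xX][\dA-Fa-f]+)`. The entity text in the changed lines is shown decoded on this page, so the exact old and new values are inferred, and the `ERB::Util` module body continues outside the hunk.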