-rw-r--r-- | actionpack/test/template/javascript_helper_test.rb | 8 | ||||
-rw-r--r-- | actionpack/test/template/prototype_helper_test.rb | 18 | ||||
-rw-r--r-- | activerecord/test/serialization_test.rb | 2 | ||||
-rw-r--r-- | activesupport/CHANGELOG | 2 | ||||
-rw-r--r-- | activesupport/lib/active_support/json/encoders/string.rb | 7 | ||||
-rw-r--r-- | activesupport/test/json/encoding_test.rb | 4 |
6 files changed, 22 insertions, 19 deletions
diff --git a/actionpack/test/template/javascript_helper_test.rb b/actionpack/test/template/javascript_helper_test.rb
index 8de1daaeaa..1fabe80ba7 100644
--- a/actionpack/test/template/javascript_helper_test.rb
+++ b/actionpack/test/template/javascript_helper_test.rb
@@ -38,14 +38,14 @@ class JavaScriptHelperTest < Test::Unit::TestCase
 html = link_to_function( "Greet me!" ) do |page|
 page.replace_html 'header', "<h1>Greetings</h1>"
 end
- assert_dom_equal %(<a href="#" onclick="Element.update("header", "\\074h1\\076Greetings\\074\\/h1\\076");; return false;">Greet me!</a>), html
+ assert_dom_equal %(<a href="#" onclick="Element.update("header", "\\u003Ch1\\u003EGreetings\\u003C\\/h1\\u003E");; return false;">Greet me!</a>), html
 end
 def test_link_to_function_with_rjs_block_and_options
 html = link_to_function( "Greet me!", :class => "updater" ) do |page|
 page.replace_html 'header', "<h1>Greetings</h1>"
 end
- assert_dom_equal %(<a href="#" class="updater" onclick="Element.update("header", "\\074h1\\076Greetings\\074\\/h1\\076");; return false;">Greet me!</a>), html
+ assert_dom_equal %(<a href="#" class="updater" onclick="Element.update("header", "\\u003Ch1\\u003EGreetings\\u003C\\/h1\\u003E");; return false;">Greet me!</a>), html
 end
 def test_link_to_function_with_href
@@ -67,14 +67,14 @@ class JavaScriptHelperTest < Test::Unit::TestCase
 html = button_to_function( "Greet me!" ) do |page|
 page.replace_html 'header', "<h1>Greetings</h1>"
 end
- assert_dom_equal %(<input type="button" onclick="Element.update("header", "\\074h1\\076Greetings\\074\\/h1\\076");;" value="Greet me!" />), html
+ assert_dom_equal %(<input type="button" onclick="Element.update("header", "\\u003Ch1\\u003EGreetings\\u003C\\/h1\\u003E");;" value="Greet me!" />), html
 end
 def test_button_to_function_with_rjs_block_and_options
 html = button_to_function( "Greet me!", :class => "greeter" ) do |page|
 page.replace_html 'header', "<h1>Greetings</h1>"
 end
- assert_dom_equal %(<input type="button" class="greeter" onclick="Element.update("header", "\\074h1\\076Greetings\\074\\/h1\\076");;" value="Greet me!" />), html
+ assert_dom_equal %(<input type="button" class="greeter" onclick="Element.update("header", "\\u003Ch1\\u003EGreetings\\u003C\\/h1\\u003E");;" value="Greet me!" />), html
 end
 def test_button_to_function_with_onclick
diff --git a/actionpack/test/template/prototype_helper_test.rb b/actionpack/test/template/prototype_helper_test.rb
index bdb7a848a0..6caf67810c 100644
--- a/actionpack/test/template/prototype_helper_test.rb
+++ b/actionpack/test/template/prototype_helper_test.rb
@@ -303,23 +303,23 @@ class JavaScriptGeneratorTest < Test::Unit::TestCase
 end
 def test_insert_html_with_string
- assert_equal 'new Insertion.Top("element", "\\074p\\076This is a test\\074\\/p\\076");',
+ assert_equal 'new Insertion.Top("element", "\\u003Cp\\u003EThis is a test\\u003C\\/p\\u003E");',
 @generator.insert_html(:top, 'element', '<p>This is a test</p>')
- assert_equal 'new Insertion.Bottom("element", "\\074p\076This is a test\\074\\/p\076");',
+ assert_equal 'new Insertion.Bottom("element", "\\u003Cp\u003EThis is a test\\u003C\\/p\u003E");',
 @generator.insert_html(:bottom, 'element', '<p>This is a test</p>')
- assert_equal 'new Insertion.Before("element", "\\074p\076This is a test\\074\\/p\076");',
+ assert_equal 'new Insertion.Before("element", "\\u003Cp\u003EThis is a test\\u003C\\/p\u003E");',
 @generator.insert_html(:before, 'element', '<p>This is a test</p>')
- assert_equal 'new Insertion.After("element", "\\074p\076This is a test\\074\\/p\076");',
+ assert_equal 'new Insertion.After("element", "\\u003Cp\u003EThis is a test\\u003C\\/p\u003E");',
 @generator.insert_html(:after, 'element', '<p>This is a test</p>')
 end
 def test_replace_html_with_string
- assert_equal 'Element.update("element", "\\074p\\076This is a test\\074\\/p\\076");',
+ assert_equal 'Element.update("element", "\\u003Cp\\u003EThis is a test\\u003C\\/p\\u003E");',
 @generator.replace_html('element', '<p>This is a test</p>')
 end
 def test_replace_element_with_string
- assert_equal 'Element.replace("element", "\\074div id=\"element\"\\076\\074p\\076This is a test\\074\\/p\\076\\074\\/div\\076");',
+ assert_equal 'Element.replace("element", "\\u003Cdiv id=\"element\"\\u003E\\u003Cp\\u003EThis is a test\\u003C\\/p\\u003E\\u003C\\/div\\u003E");',
 @generator.replace('element', '<div id="element"><p>This is a test</p></div>')
 end
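Review bot: In test_insert_html_with_string the :bottom, :before and :after expectations write the closing bracket as `\u003E` with a single backslash, while the :top expectation and every opening bracket use the doubled form `\\u003E`. Both spell the same bytes only because a single-quoted Ruby literal leaves `\u` untouched; copied into a double-quoted literal or a heredoc, the single-backslash form would no longer assert the escaped `>`. The inconsistency is inherited from the old `\076` lines, and this commit is a natural place to normalise all four expectations to `"\\u003Cp\\u003EThis is a test\\u003C\\/p\\u003E"`.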
@@ -375,10 +375,10 @@ class JavaScriptGeneratorTest < Test::Unit::TestCase
 @generator.replace_html('baz', '<p>This is a test</p>')
 assert_equal <<-EOS.chomp, @generator.to_s
-new Insertion.Top("element", "\\074p\\076This is a test\\074\\/p\\076");
-new Insertion.Bottom("element", "\\074p\\076This is a test\\074\\/p\\076");
+new Insertion.Top("element", "\\u003Cp\\u003EThis is a test\\u003C\\/p\\u003E");
+new Insertion.Bottom("element", "\\u003Cp\\u003EThis is a test\\u003C\\/p\\u003E");
 ["foo", "bar"].each(Element.remove);
-Element.update("baz", "\\074p\\076This is a test\\074\\/p\\076");
+Element.update("baz", "\\u003Cp\\u003EThis is a test\\u003C\\/p\\u003E");
 EOS
 end
diff --git a/activerecord/test/serialization_test.rb b/activerecord/test/serialization_test.rb
index b3bdf6b43d..a8295da26a 100644
--- a/activerecord/test/serialization_test.rb
+++ b/activerecord/test/serialization_test.rb
@@ -11,7 +11,7 @@ class SerializationTest < Test::Unit::TestCase
 :avatar => 'binarydata',
 :created_at => Time.utc(2006, 8, 1),
 :awesome => false,
- :preferences => { :gem => 'ruby' }
+ :preferences => { :gem => '<strong>ruby</strong>' }
 }
 @contact = Contact.new(@contact_attributes)
diff --git a/activesupport/CHANGELOG b/activesupport/CHANGELOG
index a082135558..80f6c76401 100644
--- a/activesupport/CHANGELOG
+++ b/activesupport/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
+* Change JSON to encode %w(< > &) as 4 digit hex codes to be in compliance with the JSON spec. Closes #9975 [josh, chuyeow, tpope]
+
 * Fix JSON encoding/decoding bugs dealing with /'s. Closes #9990 [Rick, theamazingrando]
 * Introduce a base class for all test cases used by rails applications. ActiveSupport::TestCase [Koz]
diff --git a/activesupport/lib/active_support/json/encoders/string.rb b/activesupport/lib/active_support/json/encoders/string.rb
index 7ddc544294..ca74436802 100644
--- a/activesupport/lib/active_support/json/encoders/string.rb
+++ b/activesupport/lib/active_support/json/encoders/string.rb
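Review bot: The new `:preferences => { :gem => '<strong>ruby</strong>' }` fixture in serialization_test.rb is the only change to that file (the diffstat lists 2 lines), so no assertion was added that pins how the markup leaves the JSON serializer. If the existing tests only round-trip the record or compare against the same attribute hash, the fixture would pass with or without the new escaping. An explicit check such as `assert_match %r{\\u003Cstrong\\u003E}, @contact.to_json` would tie the fixture to the behaviour it is meant to cover. The rest of the test class is outside the hunk, so this is inferred from the visible lines only.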
@@ -9,8 +9,9 @@ module ActiveSupport
 "\t" => '\t',
 '"' => '\"',
 '\\' => '\\\\',
- ">" => '\076',
- '<' => '\074',
+ '>' => '\u003E',
+ '<' => '\u003C',
+ '&' => '\u0026',
 '/' => '\\/'
 }
 end
@@ -19,7 +20,7 @@ end
 class String
 def to_json(options = nil) #:nodoc:
- '"' + gsub(/[\010\f\n\r\t"\\><\/]/) { |s|
+ '"' + gsub(/[\010\f\n\r\t"\\><&\/]/) { |s|
 ActiveSupport::JSON::Encoding::ESCAPED_CHARS[s]
 }.gsub(/([\xC0-\xDF][\x80-\xBF]|
 [\xE0-\xEF][\x80-\xBF]{2}|
diff --git a/activesupport/test/json/encoding_test.rb b/activesupport/test/json/encoding_test.rb
index 8200dfcb62..888bf126dd 100644
--- a/activesupport/test/json/encoding_test.rb
+++ b/activesupport/test/json/encoding_test.rb
@@ -13,8 +13,8 @@ class TestJSONEncoding < Test::Unit::TestCase
 NumericTests = [[ 1, %(1) ], [ 2.5, %(2.5) ]]
- StringTests = [[ 'this is the <string>', %("this is the \\074string\\076")],
- [ 'a "string" with quotes', %("a \\"string\\" with quotes") ],
+ StringTests = [[ 'this is the <string>', %("this is the \\u003Cstring\\u003E")],
+ [ 'a "string" with quotes & an ampersand', %("a \\"string\\" with quotes \\u0026 an ampersand") ],
 [ 'http://test.host/posts/1', %("http:\\/\\/test.host\\/posts\\/1")]]
 ArrayTests = [[ ['a', 'b', 'c'], %([\"a\", \"b\", \"c\"]) ], |
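Review bot: The three new `ESCAPED_CHARS` entries in string.rb carry no comment saying why `<`, `>` and `&` are escaped at all, and the CHANGELOG line only records that the escape form is now spec-compliant. JSON itself does not require these characters to be escaped; escaping them is presumably what keeps an encoded string from closing a `<script>` element or introducing markup when the JSON is written into an HTML page, as the RJS tests in this commit do. That intent is easy to lose in a later cleanup, so a comment above the entries would help, e.g. `# <, > and & are written as \uXXXX so encoded strings stay inert when embedded in HTML; the JSON grammar does not require it`. The hash literal starts above the hunk.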
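Review bot: The character class in `to_json` and the keys of `ESCAPED_CHARS` have to be edited together by hand, as this commit does for `&`; if a character is ever added to the class without a map entry, the block returns nil and gsub replaces that character with an empty string, silently dropping it from the output. Deriving the pattern from the hash (for example `Regexp.union(*ESCAPED_CHARS.keys)` held in a constant) or using `ESCAPED_CHARS[s] || s` in the block removes that failure mode. Separately, the visible class covers only `\010 \f \n \r \t` among the control characters, while the JSON spec cited in the CHANGELOG requires every character below U+0020 to be escaped. The second gsub is cut off by the hunk, so whether that case is handled further down cannot be confirmed from here.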