From 1e087fd3fd0d6c0b839ab6c15982a996a5d4d531 Mon Sep 17 00:00:00 2001
From: Pratik Naik <pratiknaik@gmail.com>
Date: Wed, 2 Apr 2008 12:48:59 +0000
Subject: Ensure RJS redirect_to doesn't html-escapes string argument. Closes
 #8546

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9212 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/CHANGELOG                                 |  2 ++
 .../lib/action_view/helpers/prototype_helper.rb      |  3 ++-
 actionpack/test/controller/redirect_test.rb          | 20 ++++++++++++++++++++
 actionpack/test/template/prototype_helper_test.rb    |  2 ++
 4 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 0d7e2ae5cd..04dd4aadd1 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
 
+* Ensure RJS redirect_to doesn't html-escapes string argument. Closes #8546 [josh, eventualbuddha, Pratik]
+
 * Support render :partial => collection of heterogeneous elements.  #11491 [Zach Dennis]
 
 * Avoid remote_ip spoofing.  [Brian Candler]
diff --git a/actionpack/lib/action_view/helpers/prototype_helper.rb b/actionpack/lib/action_view/helpers/prototype_helper.rb
index 725e968ddd..50feac5a0f 100644
--- a/actionpack/lib/action_view/helpers/prototype_helper.rb
+++ b/actionpack/lib/action_view/helpers/prototype_helper.rb
@@ -843,7 +843,8 @@ module ActionView
           #  # Generates: window.location.href = "/account/signup";
           #  page.redirect_to(:controller => 'account', :action => 'signup')
           def redirect_to(location)
-            assign 'window.location.href', @context.url_for(location)
+            url = location.is_a?(String) ? location : @context.url_for(location)
+            record "window.location.href = #{url.inspect}"
           end
           
           # Calls the JavaScript +function+, optionally with the given +arguments+.
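Review bot: `url.inspect` on the new `record` line produces a Ruby string literal rather than a JavaScript one, so the quoting of the generated statement is only incidentally JavaScript-compatible. `inspect` escapes `"` and `\`, but it leaves `</script>` intact and renders non-printable or non-ASCII bytes in Ruby escape forms that JavaScript may read differently. If this output is ever embedded in an inline script block (not visible in this hunk), a string containing `</script>` would end the block early. A JavaScript-specific escaper would be safer, e.g. `record "window.location.href = \"#{@context.escape_javascript(url)}\""`, assuming the view context exposes that helper. Because a String now bypasses `url_for`, the doc comment that starts above the hunk should also say so, e.g. `# A String +location+ is emitted as-is; validate the scheme and host of any request-derived value first.`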
diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb
index 571d5b1f5a..0e85347bad 100755
--- a/actionpack/test/controller/redirect_test.rb
+++ b/actionpack/test/controller/redirect_test.rb
@@ -65,6 +65,14 @@ class RedirectController < ActionController::Base
     redirect_to :action => "hello_world"
   end
 
+  def redirect_to_url
+    redirect_to "http://www.rubyonrails.org/"
+  end
+
+  def redirect_to_url_with_unescaped_query_string
+    redirect_to "http://dev.rubyonrails.org/query?status=new"
+  end
+
   def redirect_to_back
     redirect_to :back
   end
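Review bot: The two new actions here, and the matching tests in the `RedirectTest` hunk below, call the controller's `redirect_to` and assert an HTTP redirect, so they do not appear to exercise the RJS `redirect_to` generator that this commit changes. If the intent is to cover the RJS path, an action that renders through `render :update` with `page.redirect_to "http://dev.rubyonrails.org/query?status=new"`, plus an assertion on the response body, would pin it. Otherwise a short comment such as `# plain HTTP redirect with a string URL; the RJS path is covered in prototype_helper_test` would make the scope clear. The enclosing class bodies continue outside both hunks.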
@@ -193,6 +201,18 @@ class RedirectTest < Test::Unit::TestCase
     assert_equal "world", assigns["hello"]
   end
 
+  def test_redirect_to_url
+    get :redirect_to_url
+    assert_response :redirect
+    assert_redirected_to "http://www.rubyonrails.org/"
+  end
+
+  def test_redirect_to_url_with_unescaped_query_string
+    get :redirect_to_url_with_unescaped_query_string
+    assert_response :redirect
+    assert_redirected_to "http://dev.rubyonrails.org/query?status=new"
+  end
+
   def test_redirect_to_back
     @request.env["HTTP_REFERER"] = "http://www.example.com/coming/from"
     get :redirect_to_back
diff --git a/actionpack/test/template/prototype_helper_test.rb b/actionpack/test/template/prototype_helper_test.rb
index 47173a0cb1..28e58b0a08 100644
--- a/actionpack/test/template/prototype_helper_test.rb
+++ b/actionpack/test/template/prototype_helper_test.rb
@@ -358,6 +358,8 @@ class JavaScriptGeneratorTest < Test::Unit::TestCase
   def test_redirect_to
     assert_equal 'window.location.href = "http://www.example.com/welcome";',
       @generator.redirect_to(:action => 'welcome')
+    assert_equal 'window.location.href = "http://www.example.com/welcome?a=b&c=d";',
+      @generator.redirect_to("http://www.example.com/welcome?a=b&c=d")
   end
   
   def test_delay
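Review bot: The assertion added to `test_redirect_to` only pins that `&` passes through unescaped; nothing checks the characters that matter when a string is embedded in generated JavaScript. Add cases for a string URL containing a double quote, a backslash and `</script>`, so the expected escaping is stated explicitly and a later change to the quoting cannot regress silently. Expected values are not given here because they depend on which escaper `redirect_to` ends up using.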
-- 
cgit v1.2.3