From 1e087fd3fd0d6c0b839ab6c15982a996a5d4d531 Mon Sep 17 00:00:00 2001
From: Pratik Naik
Date: Wed, 2 Apr 2008 12:48:59 +0000
Subject: Ensure RJS redirect_to doesn't html-escapes string argument. Closes #8546

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9212 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/CHANGELOG | 2 ++
 .../lib/action_view/helpers/prototype_helper.rb | 3 ++-
 actionpack/test/controller/redirect_test.rb | 20 ++++++++++++++++++++
 actionpack/test/template/prototype_helper_test.rb | 2 ++
 4 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 0d7e2ae5cd..04dd4aadd1 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*

+* Ensure RJS redirect_to doesn't html-escapes string argument. Closes #8546 [josh, eventualbuddha, Pratik]
+
 * Support render :partial => collection of heterogeneous elements. #11491 [Zach Dennis]

 * Avoid remote_ip spoofing. [Brian Candler]
diff --git a/actionpack/lib/action_view/helpers/prototype_helper.rb b/actionpack/lib/action_view/helpers/prototype_helper.rb
index 725e968ddd..50feac5a0f 100644
--- a/actionpack/lib/action_view/helpers/prototype_helper.rb
+++ b/actionpack/lib/action_view/helpers/prototype_helper.rb
@@ -843,7 +843,8 @@ module ActionView
 # # Generates: window.location.href = "/account/signup";
 # page.redirect_to(:controller => 'account', :action => 'signup')
 def redirect_to(location)
- assign 'window.location.href', @context.url_for(location)
+ url = location.is_a?(String) ? location : @context.url_for(location)
+ record "window.location.href = #{url.inspect}"
 end

 # Calls the JavaScript +function+, optionally with the given +arguments+.
diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb
index 571d5b1f5a..0e85347bad 100755
--- a/actionpack/test/controller/redirect_test.rb
+++ b/actionpack/test/controller/redirect_test.rb
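Review bot: In `redirect_to` in prototype_helper.rb, `url.inspect` builds the JavaScript string literal with Ruby's escaping rules rather than JavaScript's: it leaves a `</script>` sequence intact, so the statement is only safe while the generated code is never embedded in an inline script block. I would encode the value with the JavaScript escaper instead, e.g. `record "window.location.href = \"#{@context.escape_javascript(url)}\""`, assuming the view context exposes that helper at this point. A String location is now assigned to `window.location.href` without passing through `url_for` at all, so the method should say so, e.g. `# String locations are emitted verbatim; callers must validate the scheme and host of any request-derived URL`. The non-String branch still goes through `@context.url_for`, so if that call HTML-escapes its result, Hash locations with several query parameters are presumably still affected by the bug this commit closes.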
@@ -65,6 +65,14 @@ class RedirectController < ActionController::Base
 redirect_to :action => "hello_world"
 end

+ def redirect_to_url
+ redirect_to "http://www.rubyonrails.org/"
+ end
+
+ def redirect_to_url_with_unescaped_query_string
+ redirect_to "http://dev.rubyonrails.org/query?status=new"
+ end
+
 def redirect_to_back
 redirect_to :back
 end
@@ -193,6 +201,18 @@ class RedirectTest < Test::Unit::TestCase
 assert_equal "world", assigns["hello"]
 end

+ def test_redirect_to_url
+ get :redirect_to_url
+ assert_response :redirect
+ assert_redirected_to "http://www.rubyonrails.org/"
+ end
+
+ def test_redirect_to_url_with_unescaped_query_string
+ get :redirect_to_url_with_unescaped_query_string
+ assert_response :redirect
+ assert_redirected_to "http://dev.rubyonrails.org/query?status=new"
+ end
+
 def test_redirect_to_back
 @request.env["HTTP_REFERER"] = "http://www.example.com/coming/from"
 get :redirect_to_back
diff --git a/actionpack/test/template/prototype_helper_test.rb b/actionpack/test/template/prototype_helper_test.rb
index 47173a0cb1..28e58b0a08 100644
--- a/actionpack/test/template/prototype_helper_test.rb
+++ b/actionpack/test/template/prototype_helper_test.rb
@@ -358,6 +358,8 @@ class JavaScriptGeneratorTest < Test::Unit::TestCase
 def test_redirect_to
 assert_equal 'window.location.href = "http://www.example.com/welcome";',
 @generator.redirect_to(:action => 'welcome')
+ assert_equal 'window.location.href = "http://www.example.com/welcome?a=b&c=d";',
+ @generator.redirect_to("http://www.example.com/welcome?a=b&c=d")
 end

 def test_delay
--
cgit v1.2.3
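Review bot: The query-string cases in redirect_test.rb use `?status=new`, which contains no `&`, so they pass whether or not the URL is HTML-escaped and do not pin the behaviour their name claims. This applies to the `redirect_to_url_with_unescaped_query_string` action in the first hunk and to its test in the hunk at new line 201. A URL with two parameters would pin it, e.g. `redirect_to "http://dev.rubyonrails.org/query?status=new&order=id"` (a constructed value) with the same string in `assert_redirected_to`. Both hunks also exercise the controller's `redirect_to` rather than the RJS generator this commit changes, so a one-line comment on why they belong to this change would help. RedirectController and RedirectTest both start and end outside the hunks.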
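Review bot: The assertion added to `test_redirect_to` in prototype_helper_test.rb covers `&` but no character that the generated literal itself has to escape, so the quoting done by the generator is untested. A case with a double quote in the URL would pin that contract, e.g. `assert_equal 'window.location.href = "http://www.example.com/a\"b";', @generator.redirect_to('http://www.example.com/a"b')` (a constructed value). The only Hash case has no query parameters, so the test also does not show whether Hash locations still come back HTML-escaped.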