From f6ceb944eaea525362db38aa990cac3e6f76ac5a Mon Sep 17 00:00:00 2001 From: Teng Siong Ong Date: Sun, 21 Aug 2011 15:14:45 -0500 Subject: fix escape_javascript for unicode character \u2028. --- actionpack/lib/action_view/helpers/javascript_helper.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'actionpack/lib/action_view/helpers/javascript_helper.rb') diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb index 4484390fde..f1b071caf7 100644 --- a/actionpack/lib/action_view/helpers/javascript_helper.rb +++ b/actionpack/lib/action_view/helpers/javascript_helper.rb @@ -10,7 +10,8 @@ module ActionView "\n" => '\n', "\r" => '\n', '"' => '\\"', - "'" => "\\'" } + "'" => "\\'", + "\342\200\250" => '
' } # Escape carrier returns and single and double quotes for JavaScript segments. # Also available through the alias j(). This is particularly helpful in JavaScript responses, like: @@ -18,7 +19,7 @@ module ActionView # $('some_element').replaceWith('<%=j render 'some/element_template' %>'); def escape_javascript(javascript) if javascript - result = javascript.gsub(/(\\|<\/|\r\n|[\n\r"'])/) {|match| JS_ESCAPE_MAP[match] } + result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|[\n\r"'])/) {|match| JS_ESCAPE_MAP[match] } javascript.html_safe? ? result.html_safe : result else '' -- cgit v1.2.3 From 13400ac289344dae002c77a3c2b820268f08745e Mon Sep 17 00:00:00 2001 From: Andrew White Date: Tue, 23 Aug 2011 14:55:31 +0100 Subject: Ensure regexp and hash key are UTF-8 --- actionpack/lib/action_view/helpers/javascript_helper.rb | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'actionpack/lib/action_view/helpers/javascript_helper.rb') diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb index f1b071caf7..474ea53f91 100644 --- a/actionpack/lib/action_view/helpers/javascript_helper.rb +++ b/actionpack/lib/action_view/helpers/javascript_helper.rb @@ -1,4 +1,5 @@ require 'action_view/helpers/tag_helper' +require 'active_support/core_ext/string/encoding' module ActionView module Helpers @@ -10,8 +11,14 @@ module ActionView "\n" => '\n', "\r" => '\n', '"' => '\\"', - "'" => "\\'", - "\342\200\250" => '
' } + "'" => "\\'" + } + + if "ruby".encoding_aware? + JS_ESCAPE_MAP["\342\200\250".force_encoding('UTF-8').encode!] = '
' + else + JS_ESCAPE_MAP["\342\200\250"] = '
' + end # Escape carrier returns and single and double quotes for JavaScript segments. # Also available through the alias j(). This is particularly helpful in JavaScript responses, like: @@ -19,7 +26,7 @@ module ActionView # $('some_element').replaceWith('<%=j render 'some/element_template' %>'); def escape_javascript(javascript) if javascript - result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|[\n\r"'])/) {|match| JS_ESCAPE_MAP[match] } + result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] } javascript.html_safe? ? result.html_safe : result else '' -- cgit v1.2.3 From eb0b71478ad4c37fdc4ec77bf2cf7c6b65dd36c4 Mon Sep 17 00:00:00 2001 From: Daniel Schierbeck Date: Tue, 23 Aug 2011 13:42:36 +0200 Subject: Simplify JavaScriptHelper#escape_javascript Use the Linus-style conditional. Also fix the documentation slightly. Signed-off-by: Andrew White --- actionpack/lib/action_view/helpers/javascript_helper.rb | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'actionpack/lib/action_view/helpers/javascript_helper.rb') diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb index 474ea53f91..d01e62378b 100644 --- a/actionpack/lib/action_view/helpers/javascript_helper.rb +++ b/actionpack/lib/action_view/helpers/javascript_helper.rb @@ -20,17 +20,16 @@ module ActionView JS_ESCAPE_MAP["\342\200\250"] = '
' end - # Escape carrier returns and single and double quotes for JavaScript segments. + # Escapes carriage returns and single and double quotes for JavaScript segments. + # # Also available through the alias j(). This is particularly helpful in JavaScript responses, like: # # $('some_element').replaceWith('<%=j render 'some/element_template' %>'); def escape_javascript(javascript) - if javascript - result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] } - javascript.html_safe? ? result.html_safe : result - else - '' - end + return "" if javascript.empty? + + result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] } + javascript.html_safe? ? result.html_safe : result end alias_method :j, :escape_javascript -- cgit v1.2.3 From 289540e4ffc1a5619979708e5287a9b71f9ab4e2 Mon Sep 17 00:00:00 2001 From: Santiago Pastorino Date: Wed, 24 Aug 2011 13:21:18 -0300 Subject: Revert "Simplify JavaScriptHelper#escape_javascript" This commit broke the build without any improvement. This reverts commit eb0b71478ad4c37fdc4ec77bf2cf7c6b65dd36c4. --- actionpack/lib/action_view/helpers/javascript_helper.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'actionpack/lib/action_view/helpers/javascript_helper.rb') diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb index d01e62378b..1adcd716f8 100644 --- a/actionpack/lib/action_view/helpers/javascript_helper.rb +++ b/actionpack/lib/action_view/helpers/javascript_helper.rb @@ -26,10 +26,12 @@ module ActionView # # $('some_element').replaceWith('<%=j render 'some/element_template' %>'); def escape_javascript(javascript) - return "" if javascript.empty? - - result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] } - javascript.html_safe? ? result.html_safe : result + if javascript + result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] } + javascript.html_safe? ? result.html_safe : result + else + '' + end end alias_method :j, :escape_javascript -- cgit v1.2.3 From 979f3f894bf1034d4e9ee5ab9e285713f63c2824 Mon Sep 17 00:00:00 2001 From: Alexey Vakhov Date: Tue, 8 Nov 2011 18:01:19 +0400 Subject: Fix small typo in link_to_function doc --- actionpack/lib/action_view/helpers/javascript_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_view/helpers/javascript_helper.rb') diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb index 1adcd716f8..842f4c23a3 100644 --- a/actionpack/lib/action_view/helpers/javascript_helper.rb +++ b/actionpack/lib/action_view/helpers/javascript_helper.rb @@ -94,7 +94,7 @@ module ActionView # If +html_options+ has an :onclick, that one is put before +function+. Once all # the JavaScript is set, the helper appends "; return false;". # - # The +href+ attribute of the tag is set to "#" unles +html_options+ has one. + # The +href+ attribute of the tag is set to "#" unless +html_options+ has one. # # link_to_function "Greeting", "alert('Hello world!')", :class => "nav_link" # # => Greeting -- cgit v1.2.3