From c16c248912e4ae3b6a64e6acdbf1a1e0dd2feb26 Mon Sep 17 00:00:00 2001
From: Sam Elliott <sam@lenary.co.uk>
Date: Fri, 16 Apr 2010 23:24:57 +0100
Subject: mail_to with :encode => :javascript now outputs safe html

Signed-off-by: Carl Lerche <carllerche@mac.com>
---
 actionpack/lib/action_view/helpers/url_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack/lib/action_view/helpers')

diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
index 0b748d700b..4ffc5ea127 100644
--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -504,7 +504,7 @@ module ActionView
           "document.write('#{content_tag("a", name || email_address_obfuscated.html_safe, html_options.merge({ "href" => "mailto:"+email_address+extras }))}');".each_byte do |c|
             string << sprintf("%%%x", c)
           end
-          "<script type=\"#{Mime::JS}\">eval(decodeURIComponent('#{string}'))</script>"
+          "<script type=\"#{Mime::JS}\">eval(decodeURIComponent('#{string}'))</script>".html_safe
         elsif encode == "hex"
           email_address_encoded = ''
           email_address_obfuscated.each_byte do |c|
-- 
cgit v1.2.3