From 3fe9d8ac359cc38698b3ee7fb876308dfdf144ed Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Sat, 26 Mar 2005 14:03:55 +0000
Subject: Added JavascriptHelper#escape_javascript as a public method (was
 private) and made it escape both single and double quotes and new lines #940
 [mortonda@dgrmm.net]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1002 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/lib/action_view/helpers/javascript_helper.rb | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'actionpack/lib/action_view')

diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb
index d5630bcdfe..5a07ebdc6e 100644
--- a/actionpack/lib/action_view/helpers/javascript_helper.rb
+++ b/actionpack/lib/action_view/helpers/javascript_helper.rb
@@ -148,11 +148,12 @@ module ActionView
         build_observer('Form.Observer', form_id, options)
       end
 
-    private
+      # Escape carrier returns and single and double quotes for Javascript segments.
       def escape_javascript(javascript)
-        (javascript || '').gsub('"', '\"')
+        (javascript || '').gsub(/\r\n|\n|\r/, "\\n").gsub(/["']/) { |m| "\\#{m}" }
       end
-      
+
+    private      
       def options_for_ajax(options)
         js_options = build_callbacks(options)
         
-- 
cgit v1.2.3