From 92f02adf407d6884ffea789b39f78f44b7fd3722 Mon Sep 17 00:00:00 2001
From: Michael Koziarski <michael@koziarski.com>
Date: Sun, 2 Dec 2007 08:45:35 +0000
Subject: Don't escape forward slashes with String#to_json, our unicode
 encoding of < and > prevent the XSS problems. [tpope] Closes #10273

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8255 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/test/template/javascript_helper_test.rb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'actionpack/test/template/javascript_helper_test.rb')

diff --git a/actionpack/test/template/javascript_helper_test.rb b/actionpack/test/template/javascript_helper_test.rb
index 1fabe80ba7..0d44e96f84 100644
--- a/actionpack/test/template/javascript_helper_test.rb
+++ b/actionpack/test/template/javascript_helper_test.rb
@@ -38,14 +38,14 @@ class JavaScriptHelperTest < Test::Unit::TestCase
     html = link_to_function( "Greet me!" ) do |page|
       page.replace_html 'header', "<h1>Greetings</h1>"
     end
-    assert_dom_equal %(<a href="#" onclick="Element.update(&quot;header&quot;, &quot;\\u003Ch1\\u003EGreetings\\u003C\\/h1\\u003E&quot;);; return false;">Greet me!</a>), html
+    assert_dom_equal %(<a href="#" onclick="Element.update(&quot;header&quot;, &quot;\\u003Ch1\\u003EGreetings\\u003C/h1\\u003E&quot;);; return false;">Greet me!</a>), html
   end
 
   def test_link_to_function_with_rjs_block_and_options
     html = link_to_function( "Greet me!", :class => "updater" ) do |page|
       page.replace_html 'header', "<h1>Greetings</h1>"
     end
-    assert_dom_equal %(<a href="#" class="updater" onclick="Element.update(&quot;header&quot;, &quot;\\u003Ch1\\u003EGreetings\\u003C\\/h1\\u003E&quot;);; return false;">Greet me!</a>), html
+    assert_dom_equal %(<a href="#" class="updater" onclick="Element.update(&quot;header&quot;, &quot;\\u003Ch1\\u003EGreetings\\u003C/h1\\u003E&quot;);; return false;">Greet me!</a>), html
   end
 
   def test_link_to_function_with_href
@@ -67,14 +67,14 @@ class JavaScriptHelperTest < Test::Unit::TestCase
     html = button_to_function( "Greet me!" ) do |page|
       page.replace_html 'header', "<h1>Greetings</h1>"
     end
-    assert_dom_equal %(<input type="button" onclick="Element.update(&quot;header&quot;, &quot;\\u003Ch1\\u003EGreetings\\u003C\\/h1\\u003E&quot;);;" value="Greet me!" />), html
+    assert_dom_equal %(<input type="button" onclick="Element.update(&quot;header&quot;, &quot;\\u003Ch1\\u003EGreetings\\u003C/h1\\u003E&quot;);;" value="Greet me!" />), html
   end
 
   def test_button_to_function_with_rjs_block_and_options
     html = button_to_function( "Greet me!", :class => "greeter" ) do |page|
       page.replace_html 'header', "<h1>Greetings</h1>"
     end
-    assert_dom_equal %(<input type="button" class="greeter" onclick="Element.update(&quot;header&quot;, &quot;\\u003Ch1\\u003EGreetings\\u003C\\/h1\\u003E&quot;);;" value="Greet me!" />), html
+    assert_dom_equal %(<input type="button" class="greeter" onclick="Element.update(&quot;header&quot;, &quot;\\u003Ch1\\u003EGreetings\\u003C\/h1\\u003E&quot;);;" value="Greet me!" />), html
   end
 
   def test_button_to_function_with_onclick
-- 
cgit v1.2.3