mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Restores the escaping of urls generated from hashes. [#4765 state:resolved]

HTML specifications recommend the escaping of urls in web pages,
which url_for does by default for string urls and consequently
urls generated by path helpers as these return strings.

Hashes passed to url_for are not escaped by default and this
commit reverses this default so that they are escaped.

Undoes the changes of this commit:
1b3195b63c

Signed-off-by: José Valim <jose.valim@gmail.com>
Andrew White 2010-06-27 09:16:46 +01:00 committed by José Valim
parent e717631a84
commit 0b6ce34223
2 changed files with 5 additions and 9 deletions


@ -104,7 +104,7 @@ module ActionView
options options
when Hash when Hash
options = { :only_path => options[:host].nil? }.update(options.symbolize_keys) options = { :only_path => options[:host].nil? }.update(options.symbolize_keys)
escape = options.key?(:escape) ? options.delete(:escape) : false escape = options.key?(:escape) ? options.delete(:escape) : true
super super
when :back when :back
escape = false escape = false
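Review bot: The `:escape` opt-out in the `when Hash` branch is read from the same hash that carries the URL parameters, after `symbolize_keys`, and its value is taken as given, so a string-keyed `"escape"` entry is honoured as well. With escaping now the default, this matters for any caller that passes a hash derived from request data (an assumption, as no caller is visible here): such a caller should drop the key before the call. I would document the contract next to the line, for example `# Hash urls are HTML-escaped unless the caller passes :escape => false; do not forward an :escape key taken from request parameters`. The method starts before this hunk and the `:back` branch continues past it.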


@ -41,7 +41,7 @@ class UrlHelperTest < ActiveSupport::TestCase
alias url_hash hash_for alias url_hash hash_for
def test_url_for_escapes_urls def test_url_for_escapes_urls
assert_equal "/?a=b&c=d", url_for(abcd) assert_equal "/?a=b&amp;c=d", url_for(abcd)
assert_equal "/?a=b&amp;c=d", url_for(abcd(:escape => true)) assert_equal "/?a=b&amp;c=d", url_for(abcd(:escape => true))
assert_equal "/?a=b&c=d", url_for(abcd(:escape => false)) assert_equal "/?a=b&c=d", url_for(abcd(:escape => false))
end end
@ -53,6 +53,7 @@ class UrlHelperTest < ActiveSupport::TestCase
def test_url_for_escapes_url_once def test_url_for_escapes_url_once
assert_equal "/?a=b&amp;c=d", url_for("/?a=b&amp;c=d") assert_equal "/?a=b&amp;c=d", url_for("/?a=b&amp;c=d")
assert_equal "/?a=b&amp;c=d", url_for(abcd)
end end
def test_url_for_with_back def test_url_for_with_back
@ -67,11 +68,6 @@ class UrlHelperTest < ActiveSupport::TestCase
assert_equal 'javascript:history.back()', url_for(:back) assert_equal 'javascript:history.back()', url_for(:back)
end end
def test_url_for_from_hash_doesnt_escape_ampersand
path = url_for(hash_for(:foo => :bar, :baz => :quux))
assert_equal '/?baz=quux&foo=bar', sort_query_string_params(path)
end
# todo: missing test cases # todo: missing test cases
def test_button_to_with_straight_url def test_button_to_with_straight_url
assert_dom_equal "<form method=\"post\" action=\"http://www.example.com\" class=\"button_to\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", button_to("Hello", "http://www.example.com") assert_dom_equal "<form method=\"post\" action=\"http://www.example.com\" class=\"button_to\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", button_to("Hello", "http://www.example.com")
@ -345,7 +341,7 @@ class UrlHelperTest < ActiveSupport::TestCase
link_to_unless_current("Showing", "http://www.example.com/?order=asc") link_to_unless_current("Showing", "http://www.example.com/?order=asc")
@request = request_for_url("/?order=desc") @request = request_for_url("/?order=desc")
assert_equal %{<a href="/?order=desc&page=2\">Showing</a>}, assert_equal %{<a href="/?order=desc&amp;page=2\">Showing</a>},
link_to_unless_current("Showing", hash_for(:order => "desc", :page => 2)) link_to_unless_current("Showing", hash_for(:order => "desc", :page => 2))
assert_equal %{<a href="http://www.example.com/?order=desc&amp;page=2">Showing</a>}, assert_equal %{<a href="http://www.example.com/?order=desc&amp;page=2">Showing</a>},
link_to_unless_current("Showing", "http://www.example.com/?order=desc&page=2") link_to_unless_current("Showing", "http://www.example.com/?order=desc&page=2")
@ -415,7 +411,7 @@ class UrlHelperTest < ActiveSupport::TestCase
private private
def sort_query_string_params(uri) def sort_query_string_params(uri)
path, qs = uri.split('?') path, qs = uri.split('?')
qs = qs.split('&').sort.join('&') if qs qs = qs.split('&amp;').sort.join('&amp;') if qs
qs ? "#{path}?#{qs}" : path qs ? "#{path}?#{qs}" : path
end end
end end
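Review bot: `sort_query_string_params` in the last hunk now splits only on `&amp;`, so it returns an unescaped query string unsorted instead of normalising it. Any assertion on `:escape => false` output that goes through this helper would then depend on the order in which the hash parameters were serialised. A comment on the helper would make the assumption explicit, for example `# expects an HTML-escaped query string (parameters separated by '&amp;')`. The helper's callers are outside the visible hunks, so whether any of them still passes an unescaped URL cannot be confirmed from here.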