mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Restores the escaping of urls generated from hashes. [#4765 state:resolved]
HTML specifications recommend the escaping of urls in web pages,
which url_for does by default for string urls and consquently
urls generated by path helpers as these return strings.
Hashes passed to url_for are not escaped by default and this
commit reverses this default so that they are escaped.
Undoes the changes of this commit:
1b3195b63c
Signed-off-by: José Valim <jose.valim@gmail.com>
This commit is contained in:
parent
e717631a84
commit
0b6ce34223
2 changed files with 5 additions and 9 deletions
|
@ -104,7 +104,7 @@ module ActionView
|
||||||
options
|
options
|
||||||
when Hash
|
when Hash
|
||||||
options = { :only_path => options[:host].nil? }.update(options.symbolize_keys)
|
options = { :only_path => options[:host].nil? }.update(options.symbolize_keys)
|
||||||
escape = options.key?(:escape) ? options.delete(:escape) : false
|
escape = options.key?(:escape) ? options.delete(:escape) : true
|
||||||
super
|
super
|
||||||
when :back
|
when :back
|
||||||
escape = false
|
escape = false
|
||||||
|
|
|
@ -41,7 +41,7 @@ class UrlHelperTest < ActiveSupport::TestCase
|
||||||
alias url_hash hash_for
|
alias url_hash hash_for
|
||||||
|
|
||||||
def test_url_for_escapes_urls
|
def test_url_for_escapes_urls
|
||||||
assert_equal "/?a=b&c=d", url_for(abcd)
|
assert_equal "/?a=b&c=d", url_for(abcd)
|
||||||
assert_equal "/?a=b&c=d", url_for(abcd(:escape => true))
|
assert_equal "/?a=b&c=d", url_for(abcd(:escape => true))
|
||||||
assert_equal "/?a=b&c=d", url_for(abcd(:escape => false))
|
assert_equal "/?a=b&c=d", url_for(abcd(:escape => false))
|
||||||
end
|
end
|
||||||
|
@ -53,6 +53,7 @@ class UrlHelperTest < ActiveSupport::TestCase
|
||||||
|
|
||||||
def test_url_for_escapes_url_once
|
def test_url_for_escapes_url_once
|
||||||
assert_equal "/?a=b&c=d", url_for("/?a=b&c=d")
|
assert_equal "/?a=b&c=d", url_for("/?a=b&c=d")
|
||||||
|
assert_equal "/?a=b&c=d", url_for(abcd)
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_url_for_with_back
|
def test_url_for_with_back
|
||||||
|
@ -67,11 +68,6 @@ class UrlHelperTest < ActiveSupport::TestCase
|
||||||
assert_equal 'javascript:history.back()', url_for(:back)
|
assert_equal 'javascript:history.back()', url_for(:back)
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_url_for_from_hash_doesnt_escape_ampersand
|
|
||||||
path = url_for(hash_for(:foo => :bar, :baz => :quux))
|
|
||||||
assert_equal '/?baz=quux&foo=bar', sort_query_string_params(path)
|
|
||||||
end
|
|
||||||
|
|
||||||
# todo: missing test cases
|
# todo: missing test cases
|
||||||
def test_button_to_with_straight_url
|
def test_button_to_with_straight_url
|
||||||
assert_dom_equal "<form method=\"post\" action=\"http://www.example.com\" class=\"button_to\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", button_to("Hello", "http://www.example.com")
|
assert_dom_equal "<form method=\"post\" action=\"http://www.example.com\" class=\"button_to\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", button_to("Hello", "http://www.example.com")
|
||||||
|
@ -345,7 +341,7 @@ class UrlHelperTest < ActiveSupport::TestCase
|
||||||
link_to_unless_current("Showing", "http://www.example.com/?order=asc")
|
link_to_unless_current("Showing", "http://www.example.com/?order=asc")
|
||||||
|
|
||||||
@request = request_for_url("/?order=desc")
|
@request = request_for_url("/?order=desc")
|
||||||
assert_equal %{<a href="/?order=desc&page=2\">Showing</a>},
|
assert_equal %{<a href="/?order=desc&page=2\">Showing</a>},
|
||||||
link_to_unless_current("Showing", hash_for(:order => "desc", :page => 2))
|
link_to_unless_current("Showing", hash_for(:order => "desc", :page => 2))
|
||||||
assert_equal %{<a href="http://www.example.com/?order=desc&page=2">Showing</a>},
|
assert_equal %{<a href="http://www.example.com/?order=desc&page=2">Showing</a>},
|
||||||
link_to_unless_current("Showing", "http://www.example.com/?order=desc&page=2")
|
link_to_unless_current("Showing", "http://www.example.com/?order=desc&page=2")
|
||||||
|
@ -415,7 +411,7 @@ class UrlHelperTest < ActiveSupport::TestCase
|
||||||
private
|
private
|
||||||
def sort_query_string_params(uri)
|
def sort_query_string_params(uri)
|
||||||
path, qs = uri.split('?')
|
path, qs = uri.split('?')
|
||||||
qs = qs.split('&').sort.join('&') if qs
|
qs = qs.split('&').sort.join('&') if qs
|
||||||
qs ? "#{path}?#{qs}" : path
|
qs ? "#{path}?#{qs}" : path
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue