mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Fixed JavaScriptHelper#escape_javascript to also escape closing tags (closes #8023) [rubyruy]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7567 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
This commit is contained in:
parent
9809dc4540
commit
da5d8fa6ad
3 changed files with 4 additions and 1 deletions
|
@ -1,5 +1,7 @@
|
||||||
*SVN*
|
*SVN*
|
||||||
|
|
||||||
|
* Fixed JavaScriptHelper#escape_javascript to also escape closing tags #8023 [rubyruy]
|
||||||
|
|
||||||
* Fixed TextHelper#word_wrap for multiline strings with extra carrier returns #8663 [seth]
|
* Fixed TextHelper#word_wrap for multiline strings with extra carrier returns #8663 [seth]
|
||||||
|
|
||||||
* Fixed that setting the :host option in url_for would automatically turn off :only_path (since :host would otherwise not be shown) #9586 [Bounga]
|
* Fixed that setting the :host option in url_for would automatically turn off :only_path (since :host would otherwise not be shown) #9586 [Bounga]
|
||||||
|
|
|
@ -149,7 +149,7 @@ module ActionView
|
||||||
|
|
||||||
# Escape carrier returns and single and double quotes for JavaScript segments.
|
# Escape carrier returns and single and double quotes for JavaScript segments.
|
||||||
def escape_javascript(javascript)
|
def escape_javascript(javascript)
|
||||||
(javascript || '').gsub('\\','\0\0').gsub(/\r\n|\n|\r/, "\\n").gsub(/["']/) { |m| "\\#{m}" }
|
(javascript || '').gsub('\\','\0\0').gsub('</','<\/').gsub(/\r\n|\n|\r/, "\\n").gsub(/["']/) { |m| "\\#{m}" }
|
||||||
end
|
end
|
||||||
|
|
||||||
# Returns a JavaScript tag with the +content+ inside. Example:
|
# Returns a JavaScript tag with the +content+ inside. Example:
|
||||||
|
|
|
@ -21,6 +21,7 @@ class JavaScriptHelperTest < Test::Unit::TestCase
|
||||||
assert_equal '', escape_javascript(nil)
|
assert_equal '', escape_javascript(nil)
|
||||||
assert_equal %(This \\"thing\\" is really\\n netos\\'), escape_javascript(%(This "thing" is really\n netos'))
|
assert_equal %(This \\"thing\\" is really\\n netos\\'), escape_javascript(%(This "thing" is really\n netos'))
|
||||||
assert_equal %(backslash\\\\test), escape_javascript( %(backslash\\test) )
|
assert_equal %(backslash\\\\test), escape_javascript( %(backslash\\test) )
|
||||||
|
assert_equal %(dont <\\/close> tags), escape_javascript(%(dont </close> tags))
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_link_to_function
|
def test_link_to_function
|
||||||
|
|
Loading…
Reference in a new issue