Properly escape field values when submitting forms.

lib/capybara/driver/rack_test_driver.rb

@@ -1,5 +1,6 @@
 require 'rack/test'
 require 'nokogiri'
+require 'cgi'
 
 class Capybara::Driver::RackTest
   class Node < Capybara::Node
@@ -95,17 +96,21 @@ class Capybara::Driver::RackTest
       params.compact!
       params.push [button[:name], button[:value]] if button[:name]
       if multipart?
-        params.inject({}) { |agg, (key, value)| agg[key] = value; agg }
+        Hash[
+          params.map do |key, value|
+            [key, value.is_a?(String) ? CGI.escape(value.to_s) : value]
+          end
+        ]
       else
-        params.map { |key, value| "#{key}=#{value}" }.join('&')
+        params.map { |key, value| "#{key}=#{CGI.escape(value.to_s)}" }.join('&')
       end
     end
 
     def submit(button)
       if post?
-        driver.submit(node['action'].to_s, params(button)) 
+        driver.submit(node['action'].to_s, params(button))
       else
-        driver.visit(node['action'].to_s.split('?').first + '?' + params(button)) 
+        driver.visit(node['action'].to_s.split('?').first + '?' + params(button))
       end
     end
 

spec/session_spec.rb

@@ -77,6 +77,10 @@ shared_examples_for "session" do
         @results['first_name'].should == 'John'
       end
 
+      it "should escape fields when submitting" do
+        @results['phone'].should == '+1 555 7021'
+      end
+
       it "should serialize and submit password fields" do
         @results['password'].should == 'seeekrit'
       end

spec/views/form.erb

@@ -16,6 +16,11 @@
     <input type="text" name="form[name]" value="John Smith" id="form_name"/>
   </p>
 
+  <p>
+    <label for="form_phone">Phone</label>
+    <input type="text" name="form[phone]" value="+1 555 7021" id="form_phone"/>
+  </p>
+
   <p>
     <label for="form_password">Password</label>
     <input type="password" name="form[password]" value="seeekrit" id="form_password"/>