Commit 0bc8e09f8057b6745fedb08e4af10bc554ac3f41 to rails's rails

0bc8e09
all branches
all tags
- v2.2.2
- v2.2.1
- v2.2.0
- v2.1.2
- v2.1.1
- v2.1.0_RC1
- v2.1.0
- v2.0.5
- v2.0.4
- v2.0.3
- v2.0.2
- v2.0.1
- v2.0.0_RC2
- v2.0.0_RC1
- v2.0.0_PR
- v2.0.0
- v1.2.6
- v1.2.5
- v1.2.4
- v1.2.3
- v1.2.2
- v1.2.1
- v1.2.0_RC2
- v1.2.0_RC1
- v1.2.0
- v1.1.6
- v1.1.5
- v1.1.4
- v1.1.3
- v1.1.2
- v1.1.1
- v1.1.0_RC1
- v1.1.0
- v1.0.0
- v0.9.5
- v0.9.4.1
- v0.9.4
- v0.9.3
- v0.9.2
- v0.9.1
- v0.14.4
- v0.14.3
- v0.14.2
- v0.14.1
- v0.13.1
- v0.13.0
- v0.12.0
- v0.11.1
- v0.11.0
- v0.10.1
- v0.10.0
comments

rails / rails

Description:	Ruby on Rails
Homepage:	http://rubyonrails.org
Clone URL:	git://github.com/rails/rails.git Give this clone URL to anyone. `git clone git://github.com/rails/rails.git`

Fixed that single quote was not escaped in a UrlHelper#link_to javascript 
confirm #549 [Scott Barron]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@837 
5ecf4fe2-1ee6-0310-87b1-e25e094e27de

dhh (author)

Sun Mar 06 04:07:13 -0800 2005

commit 0bc8e09f8057b6745fedb08e4af10bc554ac3f41
tree f61ce9d31d432a7c25284509b8309c270ebe2775
parent eb5ca2ea5ff55e2f6a49580afab5e0ddd0b2bf11

actionpack/CHANGELOG
actionpack/lib/action_view/helpers/url_helper.rb
actionpack/test/template/url_helper_test.rb

actionpack/CHANGELOG

0
@@ -1,5 +1,7 @@
0
 *SVN*
0
 
0
+* Fixed that single quote was not escaped in a UrlHelper#link_to javascript confirm #549 [Scott Barron]
0
+
0
 * Removed the default border on link_image_to (it broke xhtml strict) -- can be specified with :border => 0 #517 [?/caleb]
0
 
0
 * Fixed that form helpers would treat string and symbol keys differently in html_options (and possibly create duplicate entries) #112 [bitsweat]

actionpack/lib/action_view/helpers/url_helper.rb

0
@@ -138,7 +138,7 @@ module ActionView
0
       private
0
         def convert_confirm_option_to_javascript!(html_options)
0
           if confirm = html_options.delete("confirm")
0
-            html_options["onclick"] = "return confirm('#{confirm}');"
0
+            html_options["onclick"] = "return confirm('#{confirm.gsub(/'/, '\\\\\'')}');"
0
           end
0
         end
0
     end

actionpack/test/template/url_helper_test.rb

0
@@ -27,6 +27,10 @@ class UrlHelperTest < Test::Unit::TestCase
0
       "<a href=\"http://www.world.com\" onclick=\"return confirm('Are you sure?');\">Hello</a>",
0
       link_to("Hello", "http://www.world.com", :confirm => "Are you sure?")
0
     )
0
+    assert_equal(
0
+      "<a href=\"http://www.world.com\" onclick=\"return confirm('You can\\'t possibly be sure, can you?');\">Hello</a>", 
0
+      link_to("Hello", "http://www.world.com", :confirm => "You can't possibly be sure, can you?")
0
+    )
0
   end
0
 
0
   def test_link_image_to

Comments

No one has commented yet.