Description: Koz's rails git-svn clone
Homepage: http://www.rubyonrails.org
Clone URL: git://github.com/NZKoz/koz-rails.git
Ensure RJS redirect_to doesn't html-escapes string argument. Closes #8546


git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9212 
5ecf4fe2-1ee6-0310-87b1-e25e094e27de
pratik (author)
Wed Apr 02 05:48:59 -0700 2008
commit  3baa1d09da8d24565d9c45f46366baeec7086cb5
tree    ea3fac18189a3d716085fa6461dcaf886a48372e
parent  96920a3efe79a24920ec47bace5e8d650c6f61ee
...
1
2
 
 
3
4
5
...
1
2
3
4
5
6
7
0
@@ -1,5 +1,7 @@
0
 *SVN*
0
 
0
+* Ensure RJS redirect_to doesn't html-escapes string argument. Closes #8546 [josh, eventualbuddha, Pratik]
0
+
0
 * Support render :partial => collection of heterogeneous elements. #11491 [Zach Dennis]
0
 
0
 * Avoid remote_ip spoofing. [Brian Candler]
...
843
844
845
846
 
 
847
848
849
...
843
844
845
 
846
847
848
849
850
0
@@ -843,7 +843,8 @@ module ActionView
0
           # # Generates: window.location.href = "/account/signup";
0
           # page.redirect_to(:controller => 'account', :action => 'signup')
0
           def redirect_to(location)
0
- assign 'window.location.href', @context.url_for(location)
0
+ url = location.is_a?(String) ? location : @context.url_for(location)
0
+ record "window.location.href = #{url.inspect}"
0
           end
0
           
0
           # Calls the JavaScript +function+, optionally with the given +arguments+.
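Review bot: `url.inspect` on the added `record` line builds a Ruby string literal, not a JavaScript one, so the quoting of `location` now follows Ruby's escaping rules. Ruby's `inspect` leaves `<`, `>` and `/` untouched, so a value containing `</script>` would end an inline script block wherever this RJS output is embedded in a page, and its escapes for control or non-ASCII bytes are not guaranteed to mean the same thing to a JavaScript parser. The removed line went through `assign`, which as far as I know encodes the value with the generator's JavaScript/JSON encoder; keeping that path for both branches with `assign 'window.location.href', url` avoids the hand-built literal, though the expected string in `test_redirect_to` may need adjusting if that encoder escapes `&`. A String is now passed through with no check at all, so the doc comment above `redirect_to` should say so, for example `# A String +location+ is emitted as-is; validate it first if it is derived from request input.`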
...
65
66
67
 
 
 
 
 
 
 
 
68
69
70
...
193
194
195
 
 
 
 
 
 
 
 
 
 
 
 
196
197
198
...
65
66
67
68
69
70
71
72
73
74
75
76
77
78
...
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
0
@@ -65,6 +65,14 @@ class RedirectController < ActionController::Base
0
     redirect_to :action => "hello_world"
0
   end
0
 
0
+ def redirect_to_url
0
+ redirect_to "http://www.rubyonrails.org/"
0
+ end
0
+
0
+ def redirect_to_url_with_unescaped_query_string
0
+ redirect_to "http://dev.rubyonrails.org/query?status=new"
0
+ end
0
+
0
   def redirect_to_back
0
     redirect_to :back
0
   end
0
@@ -193,6 +201,18 @@ class RedirectTest < Test::Unit::TestCase
0
     assert_equal "world", assigns["hello"]
0
   end
0
 
0
+ def test_redirect_to_url
0
+ get :redirect_to_url
0
+ assert_response :redirect
0
+ assert_redirected_to "http://www.rubyonrails.org/"
0
+ end
0
+
0
+ def test_redirect_to_url_with_unescaped_query_string
0
+ get :redirect_to_url_with_unescaped_query_string
0
+ assert_response :redirect
0
+ assert_redirected_to "http://dev.rubyonrails.org/query?status=new"
0
+ end
0
+
0
   def test_redirect_to_back
0
     @request.env["HTTP_REFERER"] = "http://www.example.com/coming/from"
0
     get :redirect_to_back
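Review bot: `test_redirect_to_url_with_unescaped_query_string` cannot fail on the escaping it is named for, because `http://dev.rubyonrails.org/query?status=new` has a single parameter and so contains no `&` or other character that HTML escaping would change. Use a URL with two parameters in both the action added in the first hunk and the assertion in the second, for example `redirect_to "http://dev.rubyonrails.org/query?status=new&page=2"` (sample value). Both new tests also exercise the controller's `redirect_to`, which no visible hunk of this commit modifies, so they document existing behaviour rather than cover the RJS change.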
...
358
359
360
 
 
361
362
363
...
358
359
360
361
362
363
364
365
0
@@ -358,6 +358,8 @@ class JavaScriptGeneratorTest < Test::Unit::TestCase
0
   def test_redirect_to
0
     assert_equal 'window.location.href = "http://www.example.com/welcome";',
0
       @generator.redirect_to(:action => 'welcome')
0
+ assert_equal 'window.location.href = "http://www.example.com/welcome?a=b&c=d";',
0
+ @generator.redirect_to("http://www.example.com/welcome?a=b&c=d")
0
   end
0
   
0
   def test_delay
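Review bot: The added assertion in `test_redirect_to` covers only a String location; nothing checks a Hash location that produces more than one query parameter, and that branch still calls `@context.url_for(location)` in the helper. If that call is where the HTML escaping comes from, as the commit title suggests, `page.redirect_to(:action => 'welcome', :a => 'b', :c => 'd')` would still put `&amp;` inside the JavaScript string. An assertion such as `assert_no_match(/&amp;/, @generator.redirect_to(:action => 'welcome', :a => 'b', :c => 'd'))` would pin that down without depending on parameter order. `test_delay` begins on the last line of the hunk and continues outside it.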
