Commit 17d1319c480e58e28641b243da50ae5e5eab89dc to rails's rails

17d1319
all branches
- 1-2-stable
- 2-0-stable
- 2-1-stable
- 2-2-stable
- 2-3-stable
- 3-0-unstable
- HEAD
- master
all tags
- v0.9.1
- v0.9.2
- v0.9.3
- v0.9.4
- v0.9.4.1
- v0.9.5
- v0.10.0
- v0.10.1
- v0.11.0
- v0.11.1
- v0.12.0
- v0.13.0
- v0.13.1
- v0.14.1
- v0.14.2
- v0.14.3
- v0.14.4
- v1.0.0
- v1.1.0
- v1.1.0_RC1
- v1.1.1
- v1.1.2
- v1.1.3
- v1.1.4
- v1.1.5
- v1.1.6
- v1.2.0
- v1.2.0_RC1
- v1.2.0_RC2
- v1.2.1
- v1.2.2
- v1.2.3
- v1.2.4
- v1.2.5
- v1.2.6
- v2.0.0
- v2.0.0_PR
- v2.0.0_RC1
- v2.0.0_RC2
- v2.0.1
- v2.0.2
- v2.0.3
- v2.0.4
- v2.0.5
- v2.1.0
- v2.1.0_RC1
- v2.1.1
- v2.1.2
- v2.2.0
- v2.2.1
- v2.2.2
- v2.3.0
- v2.3.1
- v2.3.2
- v2.3.2.1
comments

rails / rails

668

3815

Description:	Ruby on Rails edit
Homepage:	http://rubyonrails.org edit
Public Clone URL:	git://github.com/rails/rails.git Give this clone URL to anyone. `git clone git://github.com/rails/rails.git`
Your Clone URL:	git@github.com:rails/rails.git Use this clone URL yourself. `git clone git@github.com:rails/rails.git`

Ensure observe_field encodes value parameter. [#216 state:resolved]

Signed-off-by: Pratik Naik <pratiknaik@gmail.com>

fcheung (author)

Sat May 17 11:12:36 -0700 2008

lifo (committer)

Mon May 19 02:30:56 -0700 2008

commit 17d1319c480e58e28641b243da50ae5e5eab89dc
tree 511ad2ba892080ec6bd05b9e3659dd326bb18906
parent c1c1d6c2ea72424dfae0b5ee1991d904dcf0f252

actionpack/lib/action_view/helpers/prototype_helper.rb
actionpack/test/template/prototype_helper_test.rb

actionpack/lib/action_view/helpers/prototype_helper.rb

0
@@ -1068,7 +1068,7 @@ module ActionView
0
     
0
       def build_observer(klass, name, options = {})
0
         if options[:with] && (options[:with] !~ /[\{=(.]/)
0
-          options[:with] = "'#{options[:with]}=' + value"
0
+          options[:with] = "'#{options[:with]}=' + encodeURIComponent(value)"
0
         else
0
           options[:with] ||= 'value' unless options[:function]
0
         end

actionpack/test/template/prototype_helper_test.rb

0
@@ -219,9 +219,9 @@ class PrototypeHelperTest < PrototypeHelperBaseTest
0
   end
0
   
0
   def test_observe_field_using_with_option
0
-    expected = %(<script type=\"text/javascript\">\n//<![CDATA[\nnew Form.Element.Observer('glass', 300, function(element, value) {new Ajax.Request('http://www.example.com/check_value', {asynchronous:true, evalScripts:true, parameters:'id=' + value})})\n//]]>\n</script>)
0
+    expected = %(<script type=\"text/javascript\">\n//<![CDATA[\nnew Form.Element.Observer('glass', 300, function(element, value) {new Ajax.Request('http://www.example.com/check_value', {asynchronous:true, evalScripts:true, parameters:'id=' + encodeURIComponent(value)})})\n//]]>\n</script>)
0
     assert_dom_equal expected, observe_field("glass", :frequency => 5.minutes, :url => { :action => "check_value" }, :with => 'id')
0
-    assert_dom_equal expected, observe_field("glass", :frequency => 5.minutes, :url => { :action => "check_value" }, :with => "'id=' + value")
0
+    assert_dom_equal expected, observe_field("glass", :frequency => 5.minutes, :url => { :action => "check_value" }, :with => "'id=' + encodeURIComponent(value)")
0
   end
0
   
0
   def test_observe_field_using_json_in_with_option

Comments