Ensure observe_field encodes value parameter. [#216 state:resolved]

Signed-off-by: Pratik Naik <pratiknaik@gmail.com>

actionpack/lib/action_view/helpers/prototype_helper.rb

@@ -1068,7 +1068,7 @@ def method_option_to_s(method)
 
       def build_observer(klass, name, options = {})
         if options[:with] && (options[:with] !~ /[\{=(.]/)
-          options[:with] = "'#{options[:with]}=' + value"
+          options[:with] = "'#{options[:with]}=' + encodeURIComponent(value)"
         else
           options[:with] ||= 'value' unless options[:function]
         end

actionpack/test/template/prototype_helper_test.rb

@@ -219,9 +219,9 @@ def test_observe_field
   end
 
   def test_observe_field_using_with_option
-    expected = %(<script type=\"text/javascript\">\n//<![CDATA[\nnew Form.Element.Observer('glass', 300, function(element, value) {new Ajax.Request('http://www.example.com/check_value', {asynchronous:true, evalScripts:true, parameters:'id=' + value})})\n//]]>\n</script>)
+    expected = %(<script type=\"text/javascript\">\n//<![CDATA[\nnew Form.Element.Observer('glass', 300, function(element, value) {new Ajax.Request('http://www.example.com/check_value', {asynchronous:true, evalScripts:true, parameters:'id=' + encodeURIComponent(value)})})\n//]]>\n</script>)
     assert_dom_equal expected, observe_field("glass", :frequency => 5.minutes, :url => { :action => "check_value" }, :with => 'id')
-    assert_dom_equal expected, observe_field("glass", :frequency => 5.minutes, :url => { :action => "check_value" }, :with => "'id=' + value")
+    assert_dom_equal expected, observe_field("glass", :frequency => 5.minutes, :url => { :action => "check_value" }, :with => "'id=' + encodeURIComponent(value)")
   end
 
   def test_observe_field_using_json_in_with_option