@@ -1068,7 +1068,7 @@ module ActionView def build_observer(klass, name, options = {}) if options[:with] && (options[:with] !~ /[\{=(.]/) - options[:with] = "'#{options[:with]}=' + value" + options[:with] = "'#{options[:with]}=' + encodeURIComponent(value)" else options[:with] ||= 'value' unless options[:function] end actionpack/lib/action_view/helpers/prototype_helper.rb @@ -219,9 +219,9 @@ class PrototypeHelperTest < PrototypeHelperBaseTest end def test_observe_field_using_with_option - expected = %(<script type=\"text/javascript\">\n//<![CDATA[\nnew Form.Element.Observer('glass', 300, function(element, value) {new Ajax.Request('http://www.example.com/check_value', {asynchronous:true, evalScripts:true, parameters:'id=' + value})})\n//]]>\n</script>) + expected = %(<script type=\"text/javascript\">\n//<![CDATA[\nnew Form.Element.Observer('glass', 300, function(element, value) {new Ajax.Request('http://www.example.com/check_value', {asynchronous:true, evalScripts:true, parameters:'id=' + encodeURIComponent(value)})})\n//]]>\n</script>) assert_dom_equal expected, observe_field("glass", :frequency => 5.minutes, :url => { :action => "check_value" }, :with => 'id') - assert_dom_equal expected, observe_field("glass", :frequency => 5.minutes, :url => { :action => "check_value" }, :with => "'id=' + value") + assert_dom_equal expected, observe_field("glass", :frequency => 5.minutes, :url => { :action => "check_value" }, :with => "'id=' + encodeURIComponent(value)") end def test_observe_field_using_json_in_with_option actionpack/test/template/prototype_helper_test.rb c1c1d6c2ea72424dfae0b5ee1991d904dcf0f252 Frederick Cheung frederick.cheung@gmail.com http://github.com/rails/rails/commit/17d1319c480e58e28641b243da50ae5e5eab89dc 17d1319c480e58e28641b243da50ae5e5eab89dc 2008-05-19T02:30:56-07:00 2008-05-17T11:12:36-07:00 Ensure observe_field encodes value parameter. [#216 state:resolved] Signed-off-by: Pratik Naik <pratiknaik@gmail.com> 511ad2ba892080ec6bd05b9e3659dd326bb18906 Pratik Naik pratiknaik@gmail.com