URL fragments should not have safe characters escaped. Ref: Appendix A,

http://tools.ietf.org/rfc/rfc3986.txt [#4762 state:resolved] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
rails · Jun 26, 2010 · bba1960 · bba1960
1 parent 6e65573
commit bba1960
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/actionpack/lib/action_dispatch/routing/route_set.rb b/actionpack/lib/action_dispatch/routing/route_set.rb
@@ -447,7 +447,7 @@ def url_for(options)
 
         # ROUTES TODO: This can be called directly, so script_name should probably be set in the router
         rewritten_url << (options[:trailing_slash] ? path.sub(/\?|\z/) { "/" + $& } : path)
-        rewritten_url << "##{Rack::Utils.escape(options[:anchor].to_param.to_s)}" if options[:anchor]
+        rewritten_url << "##{Rack::Mount::Utils.escape_uri(options[:anchor].to_param.to_s)}" if options[:anchor]
 
         rewritten_url
       end

diff --git a/actionpack/test/controller/url_for_test.rb b/actionpack/test/controller/url_for_test.rb
@@ -34,9 +34,15 @@ def test_anchor_should_call_to_param
         )
       end
 
-      def test_anchor_should_be_cgi_escaped
-        assert_equal('/c/a#anc%2Fhor',
-          W.new.url_for(:only_path => true, :controller => 'c', :action => 'a', :anchor => Struct.new(:to_param).new('anc/hor'))
+      def test_anchor_should_escape_unsafe_pchar
+        assert_equal('/c/a#%23anchor',
+          W.new.url_for(:only_path => true, :controller => 'c', :action => 'a', :anchor => Struct.new(:to_param).new('#anchor'))
+        )
+      end
+
+      def test_anchor_should_not_escape_safe_pchar
+        assert_equal('/c/a#name=user&email=user@domain.com',
+          W.new.url_for(:only_path => true, :controller => 'c', :action => 'a', :anchor => Struct.new(:to_param).new('name=user&email=user@domain.com'))
         )
       end