rails / rails fork watch download tarball
public
Forks677Right
Watchers3838Right
Description: Ruby on Rails
Homepage: http://rubyonrails.org
Clone URL: git://github.com/rails/rails.git 
mail_to should use decodeURIcomponent instead of unescape to be utf friendly.

Signed-off-by: Michael Koziarski <michael@koziarski.com>
miloops (author)
Thu Jul 31 15:44:11 -0700 2008
NZKoz (committer)
Fri Aug 08 06:31:02 -0700 2008
commit  ea0d036e31d984888303a79533ff872b787871ae
tree    8a6be72060277961f5e2cbf16c40c6b90f6e1fe0
parent  7f6e7ba1f7e8735f1c3f30ba125b5432f00d2a70
0
actionpack/lib/action_view/helpers/url_helper.rb 
...
442
443
444
445
 
446
447
448
...
476
477
478
479
 
480
481
482
 
...
442
443
444
 
445
446
447
448
...
476
477
478
 
479
480
481
482
 
0
@@ -442,7 +442,7 @@ module ActionView
0
       #   # => <a href="mailto:me@domain.com">me@domain.com</a>
0
       #
0
       #   mail_to "me@domain.com", "My email", :encode => "javascript"
0
-      #   # => <script type="text/javascript">eval(unescape('%64%6f%63...%6d%65%6e'))</script>
0
+      #   # => <script type="text/javascript">eval(decodeURIComponent('%64%6f%63...%27%29%3b'))</script>
0
       #
0
       #   mail_to "me@domain.com", "My email", :encode => "hex"
0
       #   # => <a href="mailto:%6d%65@%64%6f%6d%61%69%6e.%63%6f%6d">My email</a>
0
@@ -476,7 +476,7 @@ module ActionView
0
           "document.write('#{content_tag("a", name || email_address_obfuscated, html_options.merge({ "href" => "mailto:"+email_address+extras }))}');".each_byte do |c|
0
             string << sprintf("%%%x", c)
0
           end
0
-          "<script type=\"#{Mime::JS}\">eval(unescape('#{string}'))</script>"
0
+          "<script type=\"#{Mime::JS}\">eval(decodeURIComponent('#{string}'))</script>"
0
         elsif encode == "hex"
0
           email_address_encoded = ''
0
           email_address_obfuscated.each_byte do |c|
0
actionpack/test/template/url_helper_test.rb 
...
277
278
279
280
 
 
 
 
 
281
282
283
...
301
302
303
304
305
 
 
306
307
308
 
...
277
278
279
 
280
281
282
283
284
285
286
287
...
305
306
307
 
 
308
309
310
311
312
 
0
@@ -277,7 +277,11 @@ class UrlHelperTest < ActionView::TestCase
0
   end
0
 
0
   def test_mail_to_with_javascript
0
-    assert_dom_equal "<script type=\"text/javascript\">eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d%22%3e%4d%79%20%65%6d%61%69%6c%3c%2f%61%3e%27%29%3b'))</script>", mail_to("me@domain.com", "My email", :encode => "javascript")
0
+    assert_dom_equal "<script type=\"text/javascript\">eval(decodeURIComponent('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d%22%3e%4d%79%20%65%6d%61%69%6c%3c%2f%61%3e%27%29%3b'))</script>", mail_to("me@domain.com", "My email", :encode => "javascript")
0
+  end
0
+
0
+  def test_mail_to_with_javascript_unicode
0
+    assert_dom_equal "<script type=\"text/javascript\">eval(decodeURIComponent('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%75%6e%69%63%6f%64%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%22%3e%c3%ba%6e%69%63%6f%64%65%3c%2f%61%3e%27%29%3b'))</script>", mail_to("unicode@example.com", "Ășnicode", :encode => "javascript")
0
   end
0
 
0
   def test_mail_with_options
0
@@ -301,8 +305,8 @@ class UrlHelperTest < ActionView::TestCase
0
     assert_dom_equal "<a href=\"&#109;&#97;&#105;&#108;&#116;&#111;&#58;%6d%65@%64%6f%6d%61%69%6e.%63%6f%6d\">&#109;&#101;&#40;&#97;&#116;&#41;&#100;&#111;&#109;&#97;&#105;&#110;&#46;&#99;&#111;&#109;</a>", mail_to("me@domain.com", nil, :encode => "hex", :replace_at => "(at)")
0
     assert_dom_equal "<a href=\"&#109;&#97;&#105;&#108;&#116;&#111;&#58;%6d%65@%64%6f%6d%61%69%6e.%63%6f%6d\">My email</a>", mail_to("me@domain.com", "My email", :encode => "hex", :replace_at => "(at)")
0
     assert_dom_equal "<a href=\"&#109;&#97;&#105;&#108;&#116;&#111;&#58;%6d%65@%64%6f%6d%61%69%6e.%63%6f%6d\">&#109;&#101;&#40;&#97;&#116;&#41;&#100;&#111;&#109;&#97;&#105;&#110;&#40;&#100;&#111;&#116;&#41;&#99;&#111;&#109;</a>", mail_to("me@domain.com", nil, :encode => "hex", :replace_at => "(at)", :replace_dot => "(dot)")
0
-    assert_dom_equal "<script type=\"text/javascript\">eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d%22%3e%4d%79%20%65%6d%61%69%6c%3c%2f%61%3e%27%29%3b'))</script>", mail_to("me@domain.com", "My email", :encode => "javascript", :replace_at => "(at)", :replace_dot => "(dot)")
0
-    assert_dom_equal "<script type=\"text/javascript\">eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d%22%3e%6d%65%28%61%74%29%64%6f%6d%61%69%6e%28%64%6f%74%29%63%6f%6d%3c%2f%61%3e%27%29%3b'))</script>", mail_to("me@domain.com", nil, :encode => "javascript", :replace_at => "(at)", :replace_dot => "(dot)")
0
+    assert_dom_equal "<script type=\"text/javascript\">eval(decodeURIComponent('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d%22%3e%4d%79%20%65%6d%61%69%6c%3c%2f%61%3e%27%29%3b'))</script>", mail_to("me@domain.com", "My email", :encode => "javascript", :replace_at => "(at)", :replace_dot => "(dot)")
0
+    assert_dom_equal "<script type=\"text/javascript\">eval(decodeURIComponent('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d%22%3e%6d%65%28%61%74%29%64%6f%6d%61%69%6e%28%64%6f%74%29%63%6f%6d%3c%2f%61%3e%27%29%3b'))</script>", mail_to("me@domain.com", nil, :encode => "javascript", :replace_at => "(at)", :replace_dot => "(dot)")
0
   end
0
 
0
   def protect_against_forgery?

Comments