Unescaping form-data with 0.2.4 #22

Open
yabawock opened this Issue Dec 9, 2011 · 2 comments

@yabawock
yabawock commented Dec 9, 2011

EscapeUtils 0.2.4 seems to have introduced a bug in regard to unescaping form submission.

This can easily be seen when having as simple a form as this in a stock rails app:

```erb
<%= form_for :test, :url => '/test/create' do |f| %>
  <%= f.text_field :test, :type => :tel %>
<% end %>
```

When I enter +++Test+++ into the field and submit the form, I get the data I expect in the params hash, +++Test+++

Adding escape_utils 0.2.4 to the Gemfile and putting

```ruby
require 'escape_utils/url/rack'
```

into an initializer leads to the form data being decoded as Test (the leading and trailing space does not show here!), the plus gets decoded to a blank - not exactly what I expect to happen in an input field with form data.

This problem doesn't occur with 0.2.3 - I suspect it has something to do with the move to 'houdini'

@apolzon
apolzon commented Feb 13, 2012

Following. Not a fun issue to track down when you forget you've monkey-patched Rack's escape/unescape methods :).

Would like to know if this is planning on being fixed or if the new behavior is deemed more "correct".

@yabawock

@brianmario @tanoku Any feedback?
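
A round-trip regression check for the symptom reported in this thread, as an added example that is not part of the original issue and is not EscapeUtils or Rack code. It goes beyond the single `+++Test+++` case with a few more constructed values; `faulty_unescape` is a hypothetical stand-in that only reproduces the reported symptom, and the reference decoder is Ruby's own `URI.decode_www_form_component`.

```ruby
require 'uri'

# Constructed sample values: a literal '+' matters in phone numbers,
# arithmetic-looking input and base64 tokens.
SAMPLES = [
  '+++Test+++',
  '+49 30 1234567',
  'a+b=c&d',
  'dGVzdA+/',
  '100% sure'
].freeze

# Reference decoder for application/x-www-form-urlencoded values.
# In the encoded text '+' means space and "%2B" means a literal plus.
def form_unescape(encoded)
  URI.decode_www_form_component(encoded)
end

# Hypothetical faulty decoder (an assumption, NOT taken from any library):
# it percent-decodes first and only then maps '+' to space, so a plus that
# arrived as "%2B" is turned into a blank as well.
def faulty_unescape(encoded)
  encoded.b
         .gsub(/%([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }
         .tr('+', ' ')
         .force_encoding(Encoding::UTF_8)
end

# Encodes each sample the way a browser submits a form field, decodes it
# with the given callable and returns { original => decoded } for every
# value that did not survive the round trip.
def roundtrip_failures(unescape)
  SAMPLES.each_with_object({}) do |value, failures|
    wire = URI.encode_www_form_component(value) # "+++Test+++" -> "%2B%2B%2BTest%2B%2B%2B"
    decoded = unescape.call(wire)
    failures[value] = decoded unless decoded == value
  end
end

{ 'reference' => method(:form_unescape),
  'faulty'    => method(:faulty_unescape) }.each do |name, decoder|
  failures = roundtrip_failures(decoder)
  puts "#{name}: #{failures.size} of #{SAMPLES.size} samples corrupted"
  failures.each { |value, decoded| puts "  #{value.inspect} -> #{decoded.inspect}" }
end
```

To check an application that overrides Rack's unescape, pass that method to `roundtrip_failures` instead; an empty result means literal plus signs survive form submission.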
