Use escape_javascript helper instead of inspect/etc

lib/responds_to_parent.rb

@@ -1,6 +1,5 @@
 # Module containing the methods useful for child IFRAME to parent window communication
 module RespondsToParent
-
   # Executes the response body as JavaScript in the context of the parent window.
   # Use this method of you are posting a form to a hidden IFRAME or if you would like
   # to use IFRAME base RPC.
@@ -10,22 +9,14 @@ def responds_to_parent(&block)
     if performed?
       # Either pull out a redirect or the request body
       script =  if location = erase_redirect_results
-                  "document.location.href = #{location.to_s.inspect}"
+                  "document.location.href = '#{self.class.helpers.escape_javascript location.to_s}'"
                 else
-                  response.body
+                  response.body || ''
                 end
-
-      # Escape quotes, linebreaks and slashes, maintaining previously escaped slashes
-      # Suggestions for improvement?
-      script = (script || '').
-        gsub('\\', '\\\\\\').
-        gsub(/\r\n|\r|\n/, '\\n').
-        gsub(/['"]/, '\\\\\&').
-        gsub('</script>','</scr"+"ipt>')
 
       # Clear out the previous render to prevent double render
       erase_results
-      
+
       # We're returning HTML instead of JS or XML now
       response.headers['Content-Type'] = 'text/html; charset=UTF-8'
 
@@ -37,7 +28,7 @@ def responds_to_parent(&block)
       # window.eval - legal eval for Opera
       render :text => "<html><body><script type='text/javascript' charset='utf-8'>
         var loc = document.location;
-        with(window.parent) { setTimeout(function() { window.eval('#{script}'); window.loc && loc.replace('about:blank'); }, 1) } 
+        with(window.parent) { setTimeout(function() { window.eval('#{self.class.helpers.escape_javascript script}'); window.loc && loc.replace('about:blank'); }, 1) }
       </script></body></html>"
     end
   end