Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
ensure that 'href' values in pagination links are escaped URLs
  • Loading branch information
mislav committed May 12, 2008
1 parent 2fa688b commit 537f22c
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 2 deletions.
4 changes: 2 additions & 2 deletions lib/will_paginate/view_helpers.rb
Expand Up @@ -299,7 +299,7 @@ def page_span(page, text, attributes = {})
def url_for(page)
page_one = page == 1
unless @url_string and !page_one
@url_params = { :escape => false }
@url_params = {}
# page links should preserve GET parameters
stringified_merge @url_params, @template.params if @template.request.get?
stringified_merge @url_params, @options[:params] if @options[:params]
Expand All @@ -317,7 +317,7 @@ def url_for(page)
return url if page_one

if complex
@url_string = url.sub(%r!([?&]#{CGI.escape param_name}=)#{page}!, '\1@')
@url_string = url.sub(%r!((?:\?|&)#{CGI.escape param_name}=)#{page}!, '\1@')
return url
else
@url_string = url
Expand Down
10 changes: 10 additions & 0 deletions test/view_test.rb
Expand Up @@ -95,6 +95,16 @@ def test_full_output
assert_dom_equal expected, @html_result
end

def test_escaping_of_urls
paginate({:page => 1, :per_page => 1, :total_entries => 2},
:page_links => false, :params => { :tag => '<br>' })

assert_select 'a[href]', 1 do |links|
query = links.first['href'].split('?', 2)[1]
assert_equal %w(page=2 tag=%3Cbr%3E), query.split('&amp;').sort
end
end

## advanced options for pagination ##

def test_will_paginate_without_container
Expand Down

0 comments on commit 537f22c

Please sign in to comment.