
Restores the escaping of urls generated from hashes. [#4765 state:res…

…olved]

HTML specifications recommend the escaping of urls in web pages,
which url_for does by default for string urls and consequently
for urls generated by path helpers, as these return strings.

Hashes passed to url_for are not escaped by default and this
commit reverses this default so that they are escaped.

Undoes the changes of this commit:
http://github.com/rails/rails/commit/1b3195b63ca44f0a70b61b75fcf4991cb2fbb944

Signed-off-by: José Valim <jose.valim@gmail.com>
1 parent e717631 commit 0b6ce3422370647cad3e91263a291f69b313d65b @pixeltrix pixeltrix committed with josevalim Jun 27, 2010
Showing with 5 additions and 9 deletions.
  1. +1 −1 actionpack/lib/action_view/helpers/url_helper.rb
  2. +4 −8 actionpack/test/template/url_helper_test.rb
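--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -104,7 +104,7 @@ def url_for(options = {})
 options
 when Hash
 options = { :only_path => options[:host].nil? }.update(options.symbolize_keys)
- escape = options.key?(:escape) ? options.delete(:escape) : false
+ escape = options.key?(:escape) ? options.delete(:escape) : true
 super
 when :back
 escape = false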
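Review bot: The flipped default on `escape = options.key?(:escape) ? options.delete(:escape) : true` changes the return value of every hash-based `url_for` call in a view, and nothing next to the line says so. A URL built from a hash now comes back HTML-escaped (`&amp;` between parameters), which is right inside an attribute value but wrong if the string is used outside markup or passed to a helper that escapes again. I would add a comment above the line such as `# Hash URLs are HTML-escaped by default; pass :escape => false when the result is not written into markup.` Because of the `key?` test, `:escape => nil` still counts as an explicit opt-out, and the `when :back` branch keeps `escape = false`. `url_for` starts and ends outside the hunk, so whether the value returned by the `:back` branch needs escaping by the caller has to be checked there.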
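--- a/actionpack/test/template/url_helper_test.rb
+++ b/actionpack/test/template/url_helper_test.rb
@@ -41,7 +41,7 @@ def hash_for(opts = {})
 alias url_hash hash_for
 def test_url_for_escapes_urls
- assert_equal "/?a=b&c=d", url_for(abcd)
+ assert_equal "/?a=b&amp;c=d", url_for(abcd)
 assert_equal "/?a=b&amp;c=d", url_for(abcd(:escape => true))
 assert_equal "/?a=b&c=d", url_for(abcd(:escape => false))
 end
@@ -53,6 +53,7 @@ def test_url_for_escaping_is_safety_aware
 def test_url_for_escapes_url_once
 assert_equal "/?a=b&amp;c=d", url_for("/?a=b&amp;c=d")
+ assert_equal "/?a=b&amp;c=d", url_for(abcd)
 end
 def test_url_for_with_back
@@ -67,11 +68,6 @@ def test_url_for_with_back_and_no_referer
 assert_equal 'javascript:history.back()', url_for(:back)
 end
- def test_url_for_from_hash_doesnt_escape_ampersand
- path = url_for(hash_for(:foo => :bar, :baz => :quux))
- assert_equal '/?baz=quux&foo=bar', sort_query_string_params(path)
- end
-
 # todo: missing test cases
 def test_button_to_with_straight_url
 assert_dom_equal "<form method=\"post\" action=\"http://www.example.com\" class=\"button_to\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", button_to("Hello", "http://www.example.com")
@@ -345,7 +341,7 @@ def test_link_unless_current
 link_to_unless_current("Showing", "http://www.example.com/?order=asc")
 @request = request_for_url("/?order=desc")
- assert_equal %{<a href="/?order=desc&page=2\">Showing</a>},
+ assert_equal %{<a href="/?order=desc&amp;page=2\">Showing</a>},
 link_to_unless_current("Showing", hash_for(:order => "desc", :page => 2))
 assert_equal %{<a href="http://www.example.com/?order=desc&amp;page=2">Showing</a>},
 link_to_unless_current("Showing", "http://www.example.com/?order=desc&page=2")
@@ -415,7 +411,7 @@ def protect_against_forgery?
 private
 def sort_query_string_params(uri)
 path, qs = uri.split('?')
- qs = qs.split('&').sort.join('&') if qs
+ qs = qs.split('&amp;').sort.join('&amp;') if qs
 qs ? "#{path}?#{qs}" : path
 end
 end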
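Review bot: `sort_query_string_params` now splits and joins on `'&amp;'` only, so an unescaped URL passes through it unsorted, and the one caller visible in this diff (`test_url_for_from_hash_doesnt_escape_ampersand`) is removed by the same commit. If no other test still calls it, the helper can be deleted. If one does, a comment such as `# expects an HTML-escaped URL, parameters separated by &amp;` would stop a later `:escape => false` assertion from passing or failing for the wrong reason. Separately, the added `assert_equal "/?a=b&amp;c=d", url_for(abcd)` in `test_url_for_escapes_url_once` repeats the first assertion of `test_url_for_escapes_urls`. It does not appear to exercise the once-only property, since `abcd` (defined outside the hunks) seems to contain nothing already escaped.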
