Ensure RJS redirect_to doesn't html-escape string argument. Closes #8546

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@9212 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
lifo committed Apr 2, 2008
1 parent 6a36d96 commit 1e087fd
Showing 4 changed files with 26 additions and 1 deletion.
2 changes: 2 additions & 0 deletions actionpack/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*

* Ensure RJS redirect_to doesn't html-escapes string argument. Closes #8546 [josh, eventualbuddha, Pratik]

* Support render :partial => collection of heterogeneous elements. #11491 [Zach Dennis]

* Avoid remote_ip spoofing. [Brian Candler]
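Review bot: The new CHANGELOG entry reads "doesn't html-escapes", which should be "doesn't html-escape". It would also help to say that only the String form of `redirect_to` changes, since hash arguments still go through `url_for`.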
3 changes: 2 additions & 1 deletion actionpack/lib/action_view/helpers/prototype_helper.rb
Expand Up @@ -843,7 +843,8 @@ def alert(message)
# # Generates: window.location.href = "/account/signup";
# page.redirect_to(:controller => 'account', :action => 'signup')
def redirect_to(location)
assign 'window.location.href', @context.url_for(location)
url = location.is_a?(String) ? location : @context.url_for(location)
record "window.location.href = #{url.inspect}"
end

# Calls the JavaScript +function+, optionally with the given +arguments+.
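Review bot: On the new `record "window.location.href = #{url.inspect}"` line, the JavaScript string literal is produced with Ruby's `String#inspect`, which emits Ruby literal syntax rather than JavaScript syntax. The two agree on `"` and `\`, but not on everything (Ruby can emit `\e`, which JavaScript reads as a plain `e`), and a String `location` now bypasses `url_for` and is written out as given. Consider a JavaScript or JSON encoder here, for example `url.to_json`, so the quoting rules match the language being generated. The doc comment above `redirect_to` still shows only the hash form; add a line for the String form and note that the string is emitted without html-escaping.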
20 changes: 20 additions & 0 deletions actionpack/test/controller/redirect_test.rb
Expand Up @@ -65,6 +65,14 @@ def redirect_with_assigns
redirect_to :action => "hello_world"
end

def redirect_to_url
redirect_to "http://www.rubyonrails.org/"
end

def redirect_to_url_with_unescaped_query_string
redirect_to "http://dev.rubyonrails.org/query?status=new"
end

def redirect_to_back
redirect_to :back
end
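Review bot: In `redirect_to_url_with_unescaped_query_string`, the URL `"http://dev.rubyonrails.org/query?status=new"` has a single parameter and no `&`, so html-escaping would leave it unchanged and the action cannot show the behaviour its name describes. Use a query string with at least two parameters so an `&` turning into `&amp;` would be visible.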
Expand Down Expand Up @@ -193,6 +201,18 @@ def test_redirect_with_assigns
assert_equal "world", assigns["hello"]
end

def test_redirect_to_url
get :redirect_to_url
assert_response :redirect
assert_redirected_to "http://www.rubyonrails.org/"
end

def test_redirect_to_url_with_unescaped_query_string
get :redirect_to_url_with_unescaped_query_string
assert_response :redirect
assert_redirected_to "http://dev.rubyonrails.org/query?status=new"
end

def test_redirect_to_back
@request.env["HTTP_REFERER"] = "http://www.example.com/coming/from"
get :redirect_to_back
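Review bot: Both new tests call the controller-level `redirect_to` through `get` and `assert_redirected_to`, so they do not exercise the RJS `redirect_to` in prototype_helper.rb that this commit changes. They are fine as regression coverage for the controller, but `test_redirect_to_url_with_unescaped_query_string` asserts on a URL without `&`, so it would pass whether or not escaping occurs. Assert on a multi-parameter URL, or drop the test if the controller path was never affected.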
2 changes: 2 additions & 0 deletions actionpack/test/template/prototype_helper_test.rb
Expand Up @@ -358,6 +358,8 @@ def test_alert
def test_redirect_to
assert_equal 'window.location.href = "http://www.example.com/welcome";',
@generator.redirect_to(:action => 'welcome')
assert_equal 'window.location.href = "http://www.example.com/welcome?a=b&c=d";',
@generator.redirect_to("http://www.example.com/welcome?a=b&c=d")
end

def test_delay
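Review bot: The added assertion in `test_redirect_to` covers only a well-formed URL containing `&`. Since the generated statement now depends on `inspect` for quoting, add a case whose string contains a double quote and a backslash and assert the exact JavaScript emitted, so the quoting behaviour is pinned down by a test. A hash argument with two query parameters, for example `:action => 'welcome', :a => 'b', :c => 'd'`, would also document what the non-String branch produces.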
