
html_escape mail_to when encode javascript and not hex

1 parent d7ee4bb commit 62c802c62256695a8f67a46c87a7c15ce34247fb Santiago Pastorino and José Ignacio Costa committed with Yehuda Katz Feb 19, 2010
Showing with 4 additions and 6 deletions.
  1. +4 −6 actionpack/lib/action_view/helpers/url_helper.rb
@@ -466,14 +466,12 @@ def mail_to(email_address, name = nil, html_options = {})
extras << "subject=#{CGI.escape(subject).gsub("+", "%20")}&" unless subject.nil?
extras = "?" << extras.gsub!(/&?$/,"") unless extras.empty?
- email_address = email_address.to_s
-
- email_address_obfuscated = email_address.dup
+ email_address_obfuscated = html_escape(email_address)
email_address_obfuscated.gsub!(/@/, html_options.delete("replace_at")) if html_options.has_key?("replace_at")
email_address_obfuscated.gsub!(/\./, html_options.delete("replace_dot")) if html_options.has_key?("replace_dot")
if encode == "javascript"
- "document.write('#{content_tag("a", name || email_address_obfuscated, html_options.merge({ "href" => "mailto:"+email_address+extras }))}');".each_byte do |c|
+ "document.write('#{content_tag("a", name || email_address_obfuscated.html_safe, html_options.merge({ "href" => "mailto:"+email_address+extras }))}');".each_byte do |c|
string << sprintf("%%%x", c)
end
"<script type=\"#{Mime::JS}\">eval(decodeURIComponent('#{string}'))</script>"
@@ -490,9 +488,9 @@ def mail_to(email_address, name = nil, html_options = {})
char = c.chr
string << (char =~ /\w/ ? sprintf("%%%x", c) : char)
end
- content_tag "a", name || email_address_encoded, html_options.merge({ "href" => "#{string}#{extras}" })
+ content_tag "a", name || email_address_encoded.html_safe, html_options.merge({ "href" => "#{string}#{extras}" })
else
- content_tag "a", name || email_address_obfuscated, html_options.merge({ "href" => "mailto:#{email_address}#{extras}" })
+ content_tag "a", name || email_address_obfuscated.html_safe, html_options.merge({ "href" => "mailto:#{email_address}#{extras}" })
end
end
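Review bot: The `replace_at` and `replace_dot` values are substituted by the two `gsub!` calls into the string that `html_escape(email_address)` just escaped, and the result is then marked `.html_safe` in all three `content_tag` calls, so those two option values reach the page unescaped; escaping them at the point of substitution, `html_escape(html_options.delete("replace_at"))` and likewise for `"replace_dot"`, would keep the html_safe claim true. Dropping `email_address = email_address.to_s` also means the later `"href" => "mailto:"+email_address+extras` now requires a String, so a Symbol or nil argument would raise a TypeError where it previously coerced; keeping that `to_s` line and escaping from it is the smaller change, unless callers are known to always pass a String. Depending on how `html_escape` treats input that is already html_safe, it may return the same object rather than a copy, in which case the in-place `gsub!` calls would mutate the caller's string, and a `.dup` before them would rule that out. `mail_to` begins before the first hunk, and the second hunk carries the same `.html_safe` point on its two `content_tag` lines.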
