Skip to content
This repository
Browse code

URL fragments should not have safe characters escaped. Ref: Appendix A,

http://tools.ietf.org/rfc/rfc3986.txt

[#4762 state:resolved]

Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net>
  • Loading branch information...
commit bba19603c27e0439eb22a9bce7e3adf6924b224b 1 parent 6e65573
Andrew White pixeltrix authored jeremy committed
2  actionpack/lib/action_dispatch/routing/route_set.rb
@@ -447,7 +447,7 @@ def url_for(options)
447 447
448 448 # ROUTES TODO: This can be called directly, so script_name should probably be set in the router
449 449 rewritten_url << (options[:trailing_slash] ? path.sub(/\?|\z/) { "/" + $& } : path)
450   - rewritten_url << "##{Rack::Utils.escape(options[:anchor].to_param.to_s)}" if options[:anchor]
  450 + rewritten_url << "##{Rack::Mount::Utils.escape_uri(options[:anchor].to_param.to_s)}" if options[:anchor]
451 451
452 452 rewritten_url
453 453 end
12 actionpack/test/controller/url_for_test.rb
@@ -34,9 +34,15 @@ def test_anchor_should_call_to_param
34 34 )
35 35 end
36 36
37   - def test_anchor_should_be_cgi_escaped
38   - assert_equal('/c/a#anc%2Fhor',
39   - W.new.url_for(:only_path => true, :controller => 'c', :action => 'a', :anchor => Struct.new(:to_param).new('anc/hor'))
  37 + def test_anchor_should_escape_unsafe_pchar
  38 + assert_equal('/c/a#%23anchor',
  39 + W.new.url_for(:only_path => true, :controller => 'c', :action => 'a', :anchor => Struct.new(:to_param).new('#anchor'))
  40 + )
  41 + end
  42 +
  43 + def test_anchor_should_not_escape_safe_pchar
  44 + assert_equal('/c/a#name=user&email=user@domain.com',
  45 + W.new.url_for(:only_path => true, :controller => 'c', :action => 'a', :anchor => Struct.new(:to_param).new('name=user&email=user@domain.com'))
40 46 )
41 47 end
42 48

0 comments on commit bba1960

Please sign in to comment.
Something went wrong with that request. Please try again.