Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fix double url escaping of remote_function. Add :escape => false opti…

…on to ActionView's url_for.

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4014 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information...
commit c05c22a45f9332f50eb6efae5a393268f6b6609d 1 parent 2d24bed
@seckar seckar authored
View
2  actionpack/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* Fix double url escaping of remote_function. Add :escape => false option to ActionView's url_for. [Nicholas Seckar]
+
* Add :script option to in_place_editor to support evalScripts (closes #4194) [codyfauser@gmail.com]
* Fix mixed case enumerable methods in the JavaScript Collection Proxy (closes #4314) [codyfauser@gmail.com]
View
4 actionpack/lib/action_view/helpers/prototype_helper.rb
@@ -301,7 +301,9 @@ def remote_function(options)
"new Ajax.Request(" :
"new Ajax.Updater(#{update}, "
- function << "'#{url_for(options[:url])}'"
+ url_options = options[:url]
+ url_options = url_options.merge(:escape => false) if url_options.is_a? Hash
+ function << "'#{url_for(url_options)}'"
function << ", #{javascript_options})"
function = "#{options[:before]}; #{function}" if options[:before]
View
14 actionpack/lib/action_view/helpers/url_helper.rb
@@ -13,9 +13,19 @@ module UrlHelper
# as url_for. For a list, see the documentation for ActionController::Base#url_for.
# Note that it'll set :only_path => true so you'll get /controller/action instead of the
# http://example.com/controller/action part (makes it harder to parse httpd log files)
+ #
+ # When called from a view, url_for returns an HTML escaped url. If you need an unescaped
+ # url, pass :escape => false to url_for.
+ #
def url_for(options = {}, *parameters_for_method_reference)
- options = { :only_path => true }.update(options.symbolize_keys) if options.kind_of? Hash
- html_escape(@controller.send(:url_for, options, *parameters_for_method_reference))
+ if options.kind_of? Hash
+ options = { :only_path => true }.update(options.symbolize_keys)
+ escape = options.key?(:escape) ? options.delete(:escape) : true
+ else
+ escape = true
+ end
+ url = @controller.send(:url_for, options, *parameters_for_method_reference)
+ escape ? html_escape(url) : url
end
# Creates a link tag of the given +name+ using an URL created by the set of +options+. See the valid options in
View
4 actionpack/test/template/prototype_helper_test.rb
@@ -16,6 +16,8 @@ def setup
def url_for(options, *parameters_for_method_reference)
url = "http://www.example.com/"
url << options[:action].to_s if options and options[:action]
+ url << "?a=#{options[:a]}" if options && options[:a]
+ url << "&b=#{options[:b]}" if options && options[:a] && options[:b]
url
end
end.new
@@ -40,6 +42,8 @@ def test_link_to_remote
link_to_remote("Remote outpost", :success => "alert(request.reponseText)", :url => { :action => "whatnot" })
assert_dom_equal %(<a href=\"#\" onclick=\"new Ajax.Request('http://www.example.com/whatnot', {asynchronous:true, evalScripts:true, onFailure:function(request){alert(request.reponseText)}}); return false;\">Remote outpost</a>),
link_to_remote("Remote outpost", :failure => "alert(request.reponseText)", :url => { :action => "whatnot" })
+ assert_dom_equal %(<a href=\"#\" onclick=\"new Ajax.Request('http://www.example.com/whatnot?a=10&amp;b=20', {asynchronous:true, evalScripts:true, onFailure:function(request){alert(request.reponseText)}}); return false;\">Remote outpost</a>),
+ link_to_remote("Remote outpost", :failure => "alert(request.reponseText)", :url => { :action => "whatnot", :a => '10', :b => '20' })
end
def test_periodically_call_remote
View
2  actionpack/test/template/url_helper_test.rb
@@ -25,6 +25,8 @@ def url_for(options, *parameters_for_method_reference)
def test_url_for_escapes_urls
@controller.url = "http://www.example.com?a=b&c=d"
assert_equal "http://www.example.com?a=b&amp;c=d", url_for(:a => 'b', :c => 'd')
+ assert_equal "http://www.example.com?a=b&amp;c=d", url_for(:a => 'b', :c => 'd', :escape => true)
+ assert_equal "http://www.example.com?a=b&c=d", url_for(:a => 'b', :c => 'd', :escape => false)
end
# todo: missing test cases
Please sign in to comment.
Something went wrong with that request. Please try again.