Browse files

ensure u2029 is escaped in escape_javascript helper

  • Loading branch information...
1 parent 4d2d0d9 commit c8168a7cdcdda114f634e8a429ba7ebac86eaf18 @benmmurphy benmmurphy committed with benmmurphy Feb 22, 2012
@@ -14,6 +14,8 @@ module JavaScriptHelper
JS_ESCAPE_MAP["\342\200\250".force_encoding('UTF-8').encode!] = '
+ JS_ESCAPE_MAP["\342\200\251".force_encoding('UTF-8').encode!] = '
# Escapes carriage returns and single and double quotes for JavaScript segments.
@@ -22,7 +24,7 @@ module JavaScriptHelper
# $('some_element').replaceWith('<%=j render 'some/element_template' %>');
def escape_javascript(javascript)
if javascript
- result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] }
+ result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] }
javascript.html_safe? ? result.html_safe : result
@@ -28,6 +28,8 @@ def test_escape_javascript
assert_equal %(backslash\\\\test), escape_javascript( %(backslash\\test) )
assert_equal %(dont <\\/close> tags), escape_javascript(%(dont </close> tags))
assert_equal %(unicode &#x2028; newline), escape_javascript(%(unicode \342\200\250 newline).force_encoding('UTF-8').encode!)
+ assert_equal %(unicode &#x2029; newline), escape_javascript(%(unicode \342\200\251 newline).force_encoding('UTF-8').encode!)
assert_equal %(dont <\\/close> tags), j(%(dont </close> tags))

2 comments on commit c8168a7

My Rails 3.2.2 application was working fine, but after upgrading to 3.2.3, some of my ajax requests stopped working. I finally tracked it down to this specific change. In my ajax response, I'm rendering a partial and then calling escape_javascript before prepending the data back to the dom.

Here is the rendered javascript response:

$('#repeater').prepend("<textarea class=\"text optional count[20,50]\" cols=\"40\" id=\"editBookForm4fab007b4f9f2503d500018b_book_comment\" name=\"book[comment]\" rows=\"6\">

The javascript is broken because the closing tag for the string is on the next line.

I recommend reverting the previous change to the javascript helper until the above change can be more fully tested.

Edit: Looking at the value passed to the escape_javascript function in the debugger, i see the value is:

<textarea class="text optional count[20,50]" cols="40" id="editBookForm4fab007b4f9f2503d500018b_book_comment" name="book[comment]" rows="6"><haml:newline/></textarea>

Still tracking down why this fails in 3.2.3 but works in 3.2.2. I will open a bug when I figure out exactly what is going on.

What is interesting is the


in between the text area's.


steveklabnik replied May 10, 2012

@joe1chen can you make an issue, please? Comments on commits are likely to get lost. Thanks!

Please sign in to comment.