Fixed JavaScriptHelper#escape_javascript to also escape closing tags (c…

…loses #8023) [rubyruy] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7567 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
rails · Sep 22, 2007 · da5d8fa · da5d8fa
1 parent 9809dc4
commit da5d8fa
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 1 deletion.
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
 
+* Fixed JavaScriptHelper#escape_javascript to also escape closing tags #8023 [rubyruy]
+
 * Fixed TextHelper#word_wrap for multiline strings with extra carrier returns #8663 [seth]
 
 * Fixed that setting the :host option in url_for would automatically turn off :only_path (since :host would otherwise not be shown) #9586 [Bounga]

diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb
@@ -149,7 +149,7 @@ def define_javascript_functions
 
       # Escape carrier returns and single and double quotes for JavaScript segments.
       def escape_javascript(javascript)
-        (javascript || '').gsub('\\','\0\0').gsub(/\r\n|\n|\r/, "\\n").gsub(/["']/) { |m| "\\#{m}" }
+        (javascript || '').gsub('\\','\0\0').gsub('</','<\/').gsub(/\r\n|\n|\r/, "\\n").gsub(/["']/) { |m| "\\#{m}" }
       end
 
       # Returns a JavaScript tag with the +content+ inside. Example:

diff --git a/actionpack/test/template/javascript_helper_test.rb b/actionpack/test/template/javascript_helper_test.rb
@@ -21,6 +21,7 @@ def test_escape_javascript
     assert_equal '', escape_javascript(nil)
     assert_equal %(This \\"thing\\" is really\\n netos\\'), escape_javascript(%(This "thing" is really\n netos'))
     assert_equal %(backslash\\\\test), escape_javascript( %(backslash\\test) )
+    assert_equal %(dont <\\/close> tags), escape_javascript(%(dont </close> tags))
   end
 
   def test_link_to_function