Skip to content
Browse files

Always escape string passed to url helper.

Makes it clear that anything passed with the helper must not be percent encoded.

Fixes previous behavior which tricks people into believing passing
non-percent-encoded will generate a proper percent-encoded path while in
reality it doesn't ('%' isn't escaped).

The intention is nice but the heuristic is broken.
  • Loading branch information...
1 parent c524556 commit e2ef83f8387679ce540d745659a79dd13164f9b5 @nanaya nanaya committed with pixeltrix Apr 7, 2014
View
2 actionpack/lib/action_dispatch/journey/router/utils.rb
@@ -29,7 +29,7 @@ module UriEscape # :nodoc:
# Symbol captures can generate multiple path segments, so include /.
reserved_segment = '/'
reserved_fragment = '/?'
- reserved_pchar = ':@&=+$,;%'
+ reserved_pchar = ':@&=+$,;'
safe_pchar = "#{URI::REGEXP::PATTERN::UNRESERVED}#{reserved_pchar}"
safe_segment = "#{safe_pchar}#{reserved_segment}"
View
4 actionpack/test/journey/router/utils_test.rb
@@ -5,11 +5,11 @@ module Journey
class Router
class TestUtils < ActiveSupport::TestCase
def test_path_escape
- assert_equal "a/b%20c+d", Utils.escape_path("a/b c+d")
+ assert_equal "a/b%20c+d%25", Utils.escape_path("a/b c+d%")
end
def test_fragment_escape
- assert_equal "a/b%20c+d?e", Utils.escape_fragment("a/b c+d?e")
+ assert_equal "a/b%20c+d%25?e", Utils.escape_fragment("a/b c+d%?e")
end
def test_uri_unescape

0 comments on commit e2ef83f

Please sign in to comment.
Something went wrong with that request. Please try again.