Skip to content


Subversion checkout URL

You can clone with
Download ZIP


ensure u2029 is escaped in escape_javascript helper #5380

merged 1 commit into from

4 participants


similar to issue #2587 (section 7.3)

The ECMAScript line terminator characters are listed in Table 3.
Table 3 — Line Terminator Characters
Code Unit Value Name Formal Name
\u000A Line Feed <LF>
\u000D Carriage Return  <CR>
\u2028 Line separator <LS>
\u2029 Paragraph separator <PS>
@tenderlove tenderlove merged commit dea486d into rails:master

My Rails 3.2.2 application was working fine, but after upgrading to 3.2.3, some of my ajax requests stopped working. I finally tracked it down to this specific change. In my ajax response, I'm rendering a partial and then calling escape_javascript before prepending the data back to the dom.

Here is the rendered javascript response:

$('#repeater').prepend("<textarea class=\"text optional count[20,50]\" cols=\"40\" id=\"editBookForm4fab007b4f9f2503d500018b_book_comment\" name=\"book[comment]\" rows=\"6\">

The javascript is broken because the closing tag for the string is on the next line.

I recommend reverting the previous change to the javascript helper until the above change can be more fully tested.

Edit: Looking at the value passed to the escape_javascript function in the debugger, i see the value is:

<textarea class="text optional count[20,50]" cols="40" id="editBookForm4fab007b4f9f2503d500018b_book_comment" name="book[comment]" rows="6"><haml:newline/></textarea>

Still tracking down why this fails in 3.2.3 but works in 3.2.2. I will open a bug when I figure out exactly what is going on.

What is interesting is the


in between the text area's.


@joe1chen can you make an issue, please? Comments on commits are likely to get lost. Thanks!


Looking more into this.. looks like I may have been wrong... my problem may have been caused by Pull #5191 or a combination of the two..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Mar 11, 2012
  1. @benmmurphy
This page is out of date. Refresh to see the latest.
4 actionpack/lib/action_view/helpers/javascript_helper.rb
@@ -14,6 +14,8 @@ module JavaScriptHelper
JS_ESCAPE_MAP["\342\200\250".force_encoding('UTF-8').encode!] = '&#x2028;'
+ JS_ESCAPE_MAP["\342\200\251".force_encoding('UTF-8').encode!] = '&#x2029;'
# Escapes carriage returns and single and double quotes for JavaScript segments.
@@ -22,7 +24,7 @@ module JavaScriptHelper
# $('some_element').replaceWith('<%=j render 'some/element_template' %>');
def escape_javascript(javascript)
if javascript
- result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] }
+ result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] }
javascript.html_safe? ? result.html_safe : result
2  actionpack/test/template/javascript_helper_test.rb
@@ -28,6 +28,8 @@ def test_escape_javascript
assert_equal %(backslash\\\\test), escape_javascript( %(backslash\\test) )
assert_equal %(dont <\\/close> tags), escape_javascript(%(dont </close> tags))
assert_equal %(unicode &#x2028; newline), escape_javascript(%(unicode \342\200\250 newline).force_encoding('UTF-8').encode!)
+ assert_equal %(unicode &#x2029; newline), escape_javascript(%(unicode \342\200\251 newline).force_encoding('UTF-8').encode!)
assert_equal %(dont <\\/close> tags), j(%(dont </close> tags))
Something went wrong with that request. Please try again.