ensure u2029 is escaped in escape_javascript helper #5380

@benmmurphy

similar to issue #2587

http://www.fileformat.info/info/unicode/char/2029/index.htm
http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-262.pdf (section 7.3)

The ECMAScript line terminator characters are listed in Table 3.
Table 3 — Line Terminator Characters
| Code Unit Value | Name | Formal Name |
|---|---|---|
| \u000A | Line Feed | <LF> |
| \u000D | Carriage Return | <CR> |
| \u2028 | Line separator | <LS> |
| \u2029 | Paragraph separator | <PS> |

@tenderlove tenderlove merged commit dea486d into rails:master
@joe1chen

My Rails 3.2.2 application was working fine, but after upgrading to 3.2.3, some of my ajax requests stopped working. I finally tracked it down to this specific change. In my ajax response, I'm rendering a partial and then calling escape_javascript before prepending the data back to the dom.

Here is the rendered javascript response:

$('#repeater').prepend("<textarea class=\"text optional count[20,50]\" cols=\"40\" id=\"editBookForm4fab007b4f9f2503d500018b_book_comment\" name=\"book[comment]\" rows=\"6\">
<\/textarea>\n\n");

The javascript is broken because the closing tag for the string is on the next line.

I recommend reverting the previous change to the javascript helper until the above change can be more fully tested.

Edit: Looking at the value passed to the escape_javascript function in the debugger, I see the value is:

<textarea class="text optional count[20,50]" cols="40" id="editBookForm4fab007b4f9f2503d500018b_book_comment" name="book[comment]" rows="6"><haml:newline/></textarea>

Still tracking down why this fails in 3.2.3 but works in 3.2.2. I will open a bug when I figure out exactly what is going on.

What is interesting is the

<haml:newline/>

in between the text areas.

Collaborator

@joe1chen can you make an issue, please? Comments on commits are likely to get lost. Thanks!

@joe1chen

Looking more into this.. looks like I may have been wrong... my problem may have been caused by Pull #5191 or a combination of the two..

Commits on Mar 11, 2012
  1. @benmmurphy
4 actionpack/lib/action_view/helpers/javascript_helper.rb
@@ -14,6 +14,8 @@ module JavaScriptHelper
}
JS_ESCAPE_MAP["\342\200\250".force_encoding('UTF-8').encode!] = '&#x2028;'
+ JS_ESCAPE_MAP["\342\200\251".force_encoding('UTF-8').encode!] = '&#x2029;'
+
# Escapes carriage returns and single and double quotes for JavaScript segments.
#
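Review bot: the new JS_ESCAPE_MAP entry replaces U+2029 with the HTML character reference '&#x2029;', which a JavaScript parser does not decode, so inside a string literal it stays literal text unless the string is later parsed as HTML. This matches the existing U+2028 entry and is consistent with it, but callers that use the result as plain text will see the entity; consider the JavaScript escapes \u2028 and \u2029 as replacement values so the string value survives in both cases. The doc comment directly below still reads "Escapes carriage returns and single and double quotes" and should also name backslash, "</" and the two Unicode separators.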
@@ -22,7 +24,7 @@ module JavaScriptHelper
# $('some_element').replaceWith('<%=j render 'some/element_template' %>');
def escape_javascript(javascript)
if javascript
- result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] }
+ result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"'])/u) {|match| JS_ESCAPE_MAP[match] }
javascript.html_safe? ? result.html_safe : result
else
''
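Review bot: the alternation in the gsub pattern and the keys of JS_ESCAPE_MAP are two hand-maintained lists that have to stay in step; if a sequence is ever added to the pattern without a matching map entry, the block returns nil and gsub silently deletes the match. Deriving the pattern from the map's keys (keeping \r\n ahead of the single-character alternatives) would remove that coupling. The separators are also spelled as octal byte sequences, \342\200\250 and \342\200\251; a short comment naming them as U+2028 and U+2029 would make the pattern reviewable without a UTF-8 table.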
2  actionpack/test/template/javascript_helper_test.rb
@@ -28,6 +28,8 @@ def test_escape_javascript
assert_equal %(backslash\\\\test), escape_javascript( %(backslash\\test) )
assert_equal %(dont <\\/close> tags), escape_javascript(%(dont </close> tags))
assert_equal %(unicode &#x2028; newline), escape_javascript(%(unicode \342\200\250 newline).force_encoding('UTF-8').encode!)
+ assert_equal %(unicode &#x2029; newline), escape_javascript(%(unicode \342\200\251 newline).force_encoding('UTF-8').encode!)
+
assert_equal %(dont <\\/close> tags), j(%(dont </close> tags))
end
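Review bot: the added assertion covers U+2029 only on its own in a plain string; nothing exercises the html_safe branch or the j alias with the new character, and no case mixes it with the other line terminators the pattern handles. Consider one more assertion on an input combining \n, \r, U+2028 and U+2029 that checks none of them appears unescaped in the result, plus the same U+2029 input passed through j(...).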