mirrors
/
rails
mirror of https://github.com/rails/rails
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

&#39 dates back to SGML when &#x27 was introduced in HTML 4.0

This commit is contained in:
Kalys Osmonov 2012-09-03 15:42:24 +06:00
parent 5d264f229c
commit 6b2a24c3bd
10 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
actionpack/test/template/erb_util_test.rb
View File

@ -45,7 +45,7 @@ class ErbUtilTest < ActiveSupport::TestCase
end
def test_html_escape_once
assert_equal '1 &lt;&gt;&amp;&quot;&#x27; 2 &amp; 3', html_escape_once('1 <>&"\' 2 &amp; 3')
assert_equal '1 &lt;&gt;&amp;&quot;&#39; 2 &amp; 3', html_escape_once('1 <>&"\' 2 &amp; 3')
end
def test_html_escape_once_returns_unsafe_strings_when_passed_unsafe_strings

2
actionpack/test/template/form_options_helper_test.rb
View File

@ -1124,7 +1124,7 @@ class FormOptionsHelperTest < ActionView::TestCase
def test_options_for_select_with_element_attributes
assert_dom_equal(
"<option value=\"&lt;Denmark&gt;\" class=\"bold\">&lt;Denmark&gt;</option>\n<option value=\"USA\" onclick=\"alert(&#x27;Hello World&#x27;);\">USA</option>\n<option value=\"Sweden\">Sweden</option>\n<option value=\"Germany\">Germany</option>",
"<option value=\"&lt;Denmark&gt;\" class=\"bold\">&lt;Denmark&gt;</option>\n<option value=\"USA\" onclick=\"alert(&#39;Hello World&#39;);\">USA</option>\n<option value=\"Sweden\">Sweden</option>\n<option value=\"Germany\">Germany</option>",
options_for_select([ [ "<Denmark>", { :class => 'bold' } ], [ "USA", { :onclick => "alert('Hello World');" } ], [ "Sweden" ], "Germany" ])
)
end

2
actionpack/test/template/form_tag_helper_test.rb
View File

@ -391,7 +391,7 @@ class FormTagHelperTest < ActionView::TestCase
def test_submit_tag
assert_dom_equal(
%(<input name='commit' data-disable-with="Saving..." onclick="alert(&#x27;hello!&#x27;)" type="submit" value="Save" />),
%(<input name='commit' data-disable-with="Saving..." onclick="alert(&#39;hello!&#39;)" type="submit" value="Save" />),
submit_tag("Save", :onclick => "alert('hello!')", :data => { :disable_with => "Saving..." })
)
end

10
actionpack/test/template/javascript_helper_test.rb
View File

@ -44,14 +44,14 @@ class JavaScriptHelperTest < ActionView::TestCase
def test_button_to_function
assert_deprecated "button_to_function is deprecated and will be removed from Rails 4.1. Use Unobtrusive JavaScript instead." do
assert_dom_equal %(<input type="button" onclick="alert(&#x27;Hello world!&#x27;);" value="Greeting" />),
assert_dom_equal %(<input type="button" onclick="alert(&#39;Hello world!&#39;);" value="Greeting" />),
button_to_function("Greeting", "alert('Hello world!')")
end
end
def test_button_to_function_with_onclick
assert_deprecated "button_to_function is deprecated and will be removed from Rails 4.1. Use Unobtrusive JavaScript instead." do
assert_dom_equal "<input onclick=\"alert(&#x27;Goodbye World :(&#x27;); alert(&#x27;Hello world!&#x27;);\" type=\"button\" value=\"Greeting\" />",
assert_dom_equal "<input onclick=\"alert(&#39;Goodbye World :(&#39;); alert(&#39;Hello world!&#39;);\" type=\"button\" value=\"Greeting\" />",
button_to_function("Greeting", "alert('Hello world!')", :onclick => "alert('Goodbye World :(')")
end
end
@ -65,21 +65,21 @@ class JavaScriptHelperTest < ActionView::TestCase
def test_link_to_function
assert_deprecated "link_to_function is deprecated and will be removed from Rails 4.1. Use Unobtrusive JavaScript instead." do
assert_dom_equal %(<a href="#" onclick="alert(&#x27;Hello world!&#x27;); return false;">Greeting</a>),
assert_dom_equal %(<a href="#" onclick="alert(&#39;Hello world!&#39;); return false;">Greeting</a>),
link_to_function("Greeting", "alert('Hello world!')")
end
end
def test_link_to_function_with_existing_onclick
assert_deprecated "link_to_function is deprecated and will be removed from Rails 4.1. Use Unobtrusive JavaScript instead." do
assert_dom_equal %(<a href="#" onclick="confirm(&#x27;Sanity!&#x27;); alert(&#x27;Hello world!&#x27;); return false;">Greeting</a>),
assert_dom_equal %(<a href="#" onclick="confirm(&#39;Sanity!&#39;); alert(&#39;Hello world!&#39;); return false;">Greeting</a>),
link_to_function("Greeting", "alert('Hello world!')", :onclick => "confirm('Sanity!')")
end
end
def test_function_with_href
assert_deprecated "link_to_function is deprecated and will be removed from Rails 4.1. Use Unobtrusive JavaScript instead." do
assert_dom_equal %(<a href="http://example.com/" onclick="alert(&#x27;Hello world!&#x27;); return false;">Greeting</a>),
assert_dom_equal %(<a href="http://example.com/" onclick="alert(&#39;Hello world!&#39;); return false;">Greeting</a>),
link_to_function("Greeting", "alert('Hello world!')", :href => 'http://example.com/')
end
end

2
actionpack/test/template/text_helper_test.rb
View File

@ -149,7 +149,7 @@ class TextHelperTest < ActionView::TestCase
end
def test_truncate_with_block_should_escape_the_block
assert_equal "Here is a long test and ...&lt;script&gt;alert(&#x27;foo&#x27;);&lt;/script&gt;",
assert_equal "Here is a long test and ...&lt;script&gt;alert(&#39;foo&#39;);&lt;/script&gt;",
truncate("Here is a long test and I need a continue to read link", :length => 27) { "<script>alert('foo');</script>" }
end

2
actionpack/test/template/url_helper_test.rb
View File

@ -244,7 +244,7 @@ class UrlHelperTest < ActiveSupport::TestCase
def test_link_tag_with_custom_onclick
link = link_to("Hello", "http://www.example.com", :onclick => "alert('yay!')")
expected = %{<a href="http://www.example.com" onclick="alert(&#x27;yay!&#x27;)">Hello</a>}
expected = %{<a href="http://www.example.com" onclick="alert(&#39;yay!&#39;)">Hello</a>}
assert_dom_equal expected, link
end

2
activesupport/CHANGELOG.md
View File

@ -1,5 +1,7 @@
## Rails 4.0.0 (unreleased) ##
* `ERB::Util.html_escape` encodes single quote as `#39`. Decimal form has better support in old browsers. *Kalys Osmonov*
* `ActiveSupport::Callbacks`: deprecate monkey patch of object callbacks.
Using the #filter method like this:

2
activesupport/lib/active_support/core_ext/string/output_safety.rb
View File

@ -3,7 +3,7 @@ require 'active_support/core_ext/kernel/singleton_class'
class ERB
module Util
HTML_ESCAPE = { '&' => '&amp;', '>' => '&gt;', '<' => '&lt;', '"' => '&quot;', "'" => '&#x27;' }
HTML_ESCAPE = { '&' => '&amp;', '>' => '&gt;', '<' => '&lt;', '"' => '&quot;', "'" => '&#39;' }
JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' }
HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+));)/
JSON_ESCAPE_REGEXP = /[&"><]/

2
activesupport/test/core_ext/string_ext_test.rb
View File

@ -500,7 +500,7 @@ class OutputSafetyTest < ActiveSupport::TestCase
test "ERB::Util.html_escape should escape unsafe characters" do
string = '<>&"\''
expected = '&lt;&gt;&amp;&quot;&#x27;'
expected = '&lt;&gt;&amp;&quot;&#39;'
assert_equal expected, ERB::Util.html_escape(string)
end

4
railties/test/application/assets_test.rb
View File

@ -241,7 +241,7 @@ module ApplicationTests
get '/posts'
assert_match(/AssetNotPrecompiledError/, last_response.body)
assert_match(/app.js isn&#x27;t precompiled/, last_response.body)
assert_match(/app.js isn&#39;t precompiled/, last_response.body)
end
test "assets raise AssetNotPrecompiledError when manifest file is present and requested file isn't precompiled if digest is disabled" do
@ -265,7 +265,7 @@ module ApplicationTests
get '/posts'
assert_match(/AssetNotPrecompiledError/, last_response.body)
assert_match(/app.js isn&#x27;t precompiled/, last_response.body)
assert_match(/app.js isn&#39;t precompiled/, last_response.body)
end
test "precompile properly refers files referenced with asset_path and and run in the provided RAILS_ENV" do