hi,
I diff-ed 3.0.0 with 3.0.1 and I got this
diff --git a/actionpack/lib/action_dispatch/routing/polymorphic_routes.rb
b/actionpack/lib/action_dispatch/routing/polymorphic_routes.rb
index 142cd08..fb2118a 100644
--- a/actionpack/lib/action_dispatch/routing/polymorphic_routes.rb
+++ b/actionpack/lib/action_dispatch/routing/polymorphic_routes.rb
@@ -17,7 +17,7 @@ module ActionDispatch
#
...skipping...
buffer = with_output_buffer { value = yield(*args) }
if string = buffer.presence || value and string.is_a?(String)
- NonConcattingString.new(string)
+ NonConcattingString.new(*ERB::Util.html_escape(string)*)
end
end
if I put bac k the NonConcattingString.new(string) it works (at least for
me)
don't know the implications though, wdyt?
jk
2011/2/10 Joaquin Rivera Padron <[email protected]>
> yes, if by 3-0-stable you mean 3.0.0, yes it works
>
> thanks for the "ping offer", I'll let you know if anything, but I won't
> (can't) be full time chasing the bug :-(
>
> jk
>
> 2011/2/10 Santiago Pastorino <[email protected]>
>
> Great, ping me if I can help you.
>> BTW did you tried 3-0-stable?
>>
>> On Thu, Feb 10, 2011 at 9:51 AM, Joaquin Rivera Padron
>> <[email protected]> wrote:
>> > for me are broken also versions 3.0.4, 3.0.4.rc1, 3.0.3 and 3.0.2
>> > ok is 3.0.1, will keep digging then
>> > jk
>> >
>> > 2011/2/9 Brian Morearty <[email protected]>
>> >>
>> >> Yes, I saw something similar when I upgraded to 3.0.4 this morning. I
>> >> didn't have a chance to debug it so for the moment I went back to
>> >> 3.0.1. I wasn't sure if it was my doing so I didn't say anything on
>> >> this list.
>> >>
>> >> I have a helper function that returns an HTML string. The function
>> >> calls .html_safe before returning. That worked in 3.0.1 but in 3.0.4
>> >> it is being escaped in the output.
>> >>
>> >> I also tried adding .html_safe to the .html.erb file (double-safe it)
>> >> but to no avail.
>> >>
>> >> I was not able to reproduce it in a simple case though, even in very
>> >> same function.
>> >>
>> >> Brian
>> >>
>> >>
>> >> On Feb 9, 1:06 pm, Joaquin Rivera Padron <[email protected]> wrote:
>> >> > hello,
>> >> > I have today updated my rails app to 3.0.4 security release but now
>> this
>> >> >
>> >> > yield :javascripts
>> >> >
>> >> > fails in the layout and I get my custom js escaped as text in the
>> view.
>> >> >
>> >> > anybody seeing this also?
>> >> >
>> >> > tia,
>> >> > jk
>> >> >
>> >> > --www.least-significant-bit.com
>> >>
>> >> --
>> >> You received this message because you are subscribed to the Google
>> Groups
>> >> "Ruby on Rails: Core" group.
>> >> To post to this group, send email to [email protected]
>> .
>> >> To unsubscribe from this group, send email to
>> >> [email protected].
>> >> For more options, visit this group at
>> >> http://groups.google.com/group/rubyonrails-core?hl=en.
>> >>
>> >
>> >
>> >
>> > --
>> > www.least-significant-bit.com
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> Groups
>> > "Ruby on Rails: Core" group.
>> > To post to this group, send email to [email protected].
>> > To unsubscribe from this group, send email to
>> > [email protected].
>> > For more options, visit this group at
>> > http://groups.google.com/group/rubyonrails-core?hl=en.
>> >
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ruby on Rails: Core" group.
>> To post to this group, send email to [email protected].
>> To unsubscribe from this group, send email to
>> [email protected].
>> For more options, visit this group at
>> http://groups.google.com/group/rubyonrails-core?hl=en.
>>
>>
>
>
> --
> www.least-significant-bit.com
>
--
www.least-significant-bit.com
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Core" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en.
