I'll try to run the tests in 3.0.2 with that change to see if (what) breaks
2011/2/10 Joaquin Rivera Padron <[email protected]> > 2011/2/10 Joaquin Rivera Padron <[email protected]> > >> hi, >> I diff-ed 3.0.0 with 3.0.1 and I got this >> > > sorry I meant diff-ed 3.0.1 to 3.0.2 > > >> >> diff --git a/actionpack/lib/action_dispatch/routing/polymorphic_routes.rb >> b/actionpack/lib/action_dispatch/routing/polymorphic_routes.rb >> index 142cd08..fb2118a 100644 >> --- a/actionpack/lib/action_dispatch/routing/polymorphic_routes.rb >> +++ b/actionpack/lib/action_dispatch/routing/polymorphic_routes.rb >> @@ -17,7 +17,7 @@ module ActionDispatch >> # >> ...skipping... >> buffer = with_output_buffer { value = yield(*args) } >> if string = buffer.presence || value and string.is_a?(String) >> - NonConcattingString.new(string) >> + NonConcattingString.new(*ERB::Util.html_escape(string)*) >> end >> end >> >> if I put bac k the NonConcattingString.new(string) it works (at least for >> me) >> >> don't know the implications though, wdyt? >> >> jk >> >> 2011/2/10 Joaquin Rivera Padron <[email protected]> >> >> yes, if by 3-0-stable you mean 3.0.0, yes it works >>> >>> thanks for the "ping offer", I'll let you know if anything, but I won't >>> (can't) be full time chasing the bug :-( >>> >>> jk >>> >>> 2011/2/10 Santiago Pastorino <[email protected]> >>> >>> Great, ping me if I can help you. >>>> BTW did you tried 3-0-stable? >>>> >>>> On Thu, Feb 10, 2011 at 9:51 AM, Joaquin Rivera Padron >>>> <[email protected]> wrote: >>>> > for me are broken also versions 3.0.4, 3.0.4.rc1, 3.0.3 and 3.0.2 >>>> > ok is 3.0.1, will keep digging then >>>> > jk >>>> > >>>> > 2011/2/9 Brian Morearty <[email protected]> >>>> >> >>>> >> Yes, I saw something similar when I upgraded to 3.0.4 this morning. I >>>> >> didn't have a chance to debug it so for the moment I went back to >>>> >> 3.0.1. I wasn't sure if it was my doing so I didn't say anything on >>>> >> this list. >>>> >> >>>> >> I have a helper function that returns an HTML string. The function >>>> >> calls .html_safe before returning. That worked in 3.0.1 but in 3.0.4 >>>> >> it is being escaped in the output. >>>> >> >>>> >> I also tried adding .html_safe to the .html.erb file (double-safe it) >>>> >> but to no avail. >>>> >> >>>> >> I was not able to reproduce it in a simple case though, even in very >>>> >> same function. >>>> >> >>>> >> Brian >>>> >> >>>> >> >>>> >> On Feb 9, 1:06 pm, Joaquin Rivera Padron <[email protected]> wrote: >>>> >> > hello, >>>> >> > I have today updated my rails app to 3.0.4 security release but now >>>> this >>>> >> > >>>> >> > yield :javascripts >>>> >> > >>>> >> > fails in the layout and I get my custom js escaped as text in the >>>> view. >>>> >> > >>>> >> > anybody seeing this also? >>>> >> > >>>> >> > tia, >>>> >> > jk >>>> >> > >>>> >> > --www.least-significant-bit.com >>>> >> >>>> >> -- >>>> >> You received this message because you are subscribed to the Google >>>> Groups >>>> >> "Ruby on Rails: Core" group. >>>> >> To post to this group, send email to >>>> [email protected]. >>>> >> To unsubscribe from this group, send email to >>>> >> [email protected]. >>>> >> For more options, visit this group at >>>> >> http://groups.google.com/group/rubyonrails-core?hl=en. >>>> >> >>>> > >>>> > >>>> > >>>> > -- >>>> > www.least-significant-bit.com >>>> > >>>> > -- >>>> > You received this message because you are subscribed to the Google >>>> Groups >>>> > "Ruby on Rails: Core" group. >>>> > To post to this group, send email to >>>> [email protected]. >>>> > To unsubscribe from this group, send email to >>>> > [email protected]. >>>> > For more options, visit this group at >>>> > http://groups.google.com/group/rubyonrails-core?hl=en. >>>> > >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ruby on Rails: Core" group. >>>> To post to this group, send email to [email protected]. >>>> To unsubscribe from this group, send email to >>>> [email protected]. >>>> For more options, visit this group at >>>> http://groups.google.com/group/rubyonrails-core?hl=en. >>>> >>>> >>> >>> >>> -- >>> www.least-significant-bit.com >>> >> >> >> >> -- >> www.least-significant-bit.com >> > > > > -- > www.least-significant-bit.com > -- www.least-significant-bit.com -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.
