This project is archived and is in readonly mode.

#3312 ✓stale
Phil Ross

[PATCH] remote_function shouldn't escape string urls

Reported by Phil Ross | October 2nd, 2009 @ 12:34 PM

When a URL specified as a hash is passed to remote_function, it (correctly) does not HTML-escape the URL in the output:

  remote_function(:url => {:action => "whatnot", :a => 10, :b => 20})

results in:

  new Ajax.Request('', {asynchronous:true, evalScripts:true})

However, when a string is specified, the URL is escaped:

  remote_function(:url => '')

results in:

  new Ajax.Request('', {asynchronous:true, evalScripts:true})

This results in a problem when using named routes with remote_function in

The attached patch causes string URLs to no longer be HTML-escaped. It applies cleanly against master and 2-3-stable.

Note that this is similar to #2593 which adds an :escape_url option.

Comments and changes to this ticket

  • Phil Ross

    Phil Ross October 2nd, 2009 @ 12:36 PM

    I've just looked at #2593 more closely. #2593 is about disabling the escape_javascript part of remote_function, which isn't related to this issue.

  • Rohit Arondekar

    Rohit Arondekar October 6th, 2010 @ 06:41 AM

    • State changed from “new” to “stale”
    • Importance changed from “” to “”

    Marking ticket as stale. If this is still an issue please leave a comment with suggested changes, creating a patch with tests, rebasing an existing patch or just confirming the issue on a latest release or master/branches.

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href=""></a>