This project is archived and is in readonly mode.

#714 ✓duplicate
Kieran P

Problem with attribute escaping (sanitized.rb) +patch

Reported by Kieran P | July 28th, 2008 @ 07:21 AM | in 2.x

When you have a URL with an ampersand in an attribute, it is escaped each time you edit that field. What happens over time is the escaped ampersand also gets escaped, resulting in something like this:

&

V

&

V

&

V

&

V

etc

When used in conjunction with things like TinyMCE, it makes it impossible to have links (that is, <a href=""> tags with an & in the href attribute) in the body.

(Note though that this does happen without TinyMCE, but it's more noticeable with TinyMCE because it escapes URLs automatically before it gets to Rails, so the link is broken when a record is made.)

I have attached a simple fix which, when applied to my code, fixed all the problems I encountered. Basically, you turn &amp; to & and back to &amp;. How this fixes the issue is that already-escaped data is changed back and then re-escaped, preventing escape build-up.

Hope this helps.
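
The build-up described in the report, reproduced as an added Ruby example (not the attached patch and not Rails code; the method names and sample URL are constructed for illustration). It compares escaping on every save with the unescape-then-escape approach the report describes and with an escape-once variant, which is an assumption beyond the ticket; only ampersand handling is modelled.

```ruby
# Constructed sample: an href value as a user would first submit it.
SAMPLE_HREF = 'http://example.com/search?q=rails&page=2'

# Models the reported behaviour: every save escapes every ampersand again.
def naive_escape(value)
  value.gsub('&', '&amp;')
end

# The approach the report describes: undo an existing &amp; first, then escape.
# Stable across saves, but other entities such as &lt; become &amp;lt;.
def roundtrip_escape(value)
  value.gsub('&amp;', '&').gsub('&', '&amp;')
end

# Alternative (assumption, not from the ticket): escape only ampersands that
# do not already start a named or numeric character reference.
ENTITY_TAIL = /(?:[a-zA-Z][a-zA-Z0-9]*|#\d+|#x\h+);/
def escape_once(value)
  value.gsub(/&(?!#{ENTITY_TAIL})/, '&amp;')
end

# Apply one escaper once per simulated edit/save cycle.
def after_saves(value, saves, escaper)
  saves.times.reduce(value) { |v, _| send(escaper, v) }
end

if __FILE__ == $PROGRAM_NAME
  %i[naive_escape roundtrip_escape escape_once].each do |name|
    puts "#{name}: #{after_saves(SAMPLE_HREF, 3, name)}"
  end
end
```

An escaper that is safe to run on every save is idempotent: applying it to its own output changes nothing, which is the property the naive version lacks.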


Tickets have moved to GitHub

The new ticket tracker is available at https://github.com/rails/rails/issues
