#216 observe_field should escape the parameter it is submitting - Ruby on Rails

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

This project is archived and is in readonly mode.

#216 ✓resolved

observe_field should escape the parameter it is submitting

Reported by Frederick Cheung | May 17th, 2008 @ 07:14 PM

The base forms of observe_field wind up with us generating javascript like

  parameters: 'q=' + value

value here is just the form elements value, which hasn't been escaped. It should be passed through encodeURIComponent or else the parameters get borked if you type an ampersand in the observed field.

0003-Ensure-form-observer-properly-encodes-the-parameter.patch 2.5 KB

Comments and changes to this ticket

Repository May 19th, 2008 @ 10:32 AM
- State changed from “new” to “resolved”
(from [17d1319c480e58e28641b243da50ae5e5eab89dc]) Ensure observe_field encodes value parameter. [#216 state:resolved]
Signed-off-by: Pratik Naik
http://github.com/rails/rails/co...

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Shared Ticket Bins (Sort)

↓↑ drag 455 Open Bugs
↓↑ drag 0 Recent Open Tickets
↓↑ drag 87 Open Patches
↓↑ drag 0 Open Doc Patches
↓↑ drag 542 Stale Tickets
↓↑ drag 3 Verified Patches
↓↑ drag 87 Stale Patches
↓↑ drag 0 Yesterday's Tickets
↓↑ drag 0 Two Days Ago
↓↑ drag 0 This Week
↓↑ drag 0 Last Week
↓↑ drag 7 Bugmash
↓↑ drag 0 Bugmash review queue
↓↑ drag 5 Rails 3 High Priority Tickets

People watching this ticket

Attachments

0003-Ensure-form-observer-p... 2.5 KB

Rails Ruby on Rails

observe_field should escape the parameter it is submitting

Comments and changes to this ticket

Repository May 19th, 2008 @ 10:32 AM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Attachments

Tags

Pages

Rails Ruby on Rails

Keyword searching

observe_field should escape the parameter it is submitting

Comments and changes to this ticket

Repository May 19th, 2008 @ 10:32 AM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Attachments

Tags

Pages