This project is archived and is in readonly mode.

#216 ✓resolved
Frederick Cheung

observe_field should escape the parameter it is submitting

Reported by Frederick Cheung | May 17th, 2008 @ 07:14 PM

The base forms of observe_field wind up with us generating javascript like

  parameters: 'q=' + value

value here is just the form elements value, which hasn't been escaped. It should be passed through encodeURIComponent or else the parameters get borked if you type an ampersand in the observed field.

Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

People watching this ticket

Attachments

Pages