#2586 2.3.2 text_area_tag doesn't sanitize the id attribute - Ruby on Rails

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

This project is archived and is in readonly mode.

#2586 ✓duplicate

2.3.2 text_area_tag doesn't sanitize the id attribute

Reported by Gabriel Sobrinho | April 30th, 2009 @ 07:52 PM | in 2.x

Hello,

Rails version 2.3.2 have a bug on text_area_tag which doesn't sanitize the id attribute. See:


text_area_tag('contact[message]', '', :size => '45x15')

The id attribute should be "contact_message", but the Rails isn't sanitizing it... Well, that is setted to 'contact[message]' literal.

The patch is in form_tag_helper.rb, line 260, change from:


content_tag :textarea, content, { "name" => name, "id" => name }.update(options.stringify_keys)


content_tag :textarea, content, { "name" => name, "id" => sanitize_to_id(name) }.update(options.stringify_keys)

Thank you

You flagged this item as spam.
Gabriel Sobrinho April 30th, 2009 @ 08:00 PM
- Tag set to “2.3.2, action_view”
Matt Jones May 14th, 2009 @ 08:13 PM
- State changed from “new” to “duplicate”
Duplicate of #1703 (and #1802).

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>