content_tag(:a, name, {:href => '#', :onclick => "#{function}; return false;"}.merge(html_options))
end
+ # Helper to render JSON in views
+ def raw_json(arg)
+ arg.to_json.to_s.gsub('/', '\/').html_safe
+ end
+
def back_url
url = params[:back_url]
if url.nil? && referer = request.env['HTTP_REFERER']
<%= javascript_tag do %>
-var operatorLabels = <%= raw Query.operators_labels.to_json %>;
-var operatorByType = <%= raw Query.operators_by_filter_type.to_json %>;
-var availableFilters = <%= raw query.available_filters_as_json.to_json %>;
-var labelDayPlural = "<%= raw escape_javascript(l(:label_day_plural)) %>";
+var operatorLabels = <%= raw_json Query.operators_labels %>;
+var operatorByType = <%= raw_json Query.operators_by_filter_type %>;
+var availableFilters = <%= raw_json query.available_filters_as_json %>;
+var labelDayPlural = <%= raw_json l(:label_day_plural) %>;
$(document).ready(function(){
initFilters();
<% query.filters.each do |field, options| %>
- addFilter("<%= field %>", <%= raw query.operator_for(field).to_json %>, <%= raw query.values_for(field).to_json %>);
+ addFilter("<%= field %>", <%= raw_json query.operator_for(field) %>, <%= raw_json query.values_for(field) %>);
<% end %>
});
<% end %>
case "date":
case "date_past":
tr.find('td.values').append(
- '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_1" size="10" class="value date_value" value="'+values[0]+'" /></span>' +
- ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_2" size="10" class="value date_value" value="'+values[1]+'" /></span>' +
- ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'" size="3" class="value" value="'+values[0]+'" /> '+labelDayPlural+'</span>'
+ '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_1" size="10" class="value date_value" /></span>' +
+ ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_2" size="10" class="value date_value" /></span>' +
+ ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'" size="3" class="value" /> '+labelDayPlural+'</span>'
);
$('#values_'+fieldId+'_1').val(values[0]).datepicker(datepickerOptions);
$('#values_'+fieldId+'_2').val(values[1]).datepicker(datepickerOptions);
case "string":
case "text":
tr.find('td.values').append(
- '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'" size="30" class="value" value="'+values[0]+'" /></span>'
+ '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'" size="30" class="value" /></span>'
);
$('#values_'+fieldId).val(values[0]);
break;
case "integer":
case "float":
tr.find('td.values').append(
- '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_1" size="6" class="value" value="'+values[0]+'" /></span>' +
- ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_2" size="6" class="value" value="'+values[1]+'" /></span>'
+ '<span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_1" size="6" class="value" /></span>' +
+ ' <span style="display:none;"><input type="text" name="v['+field+'][]" id="values_'+fieldId+'_2" size="6" class="value" /></span>'
);
$('#values_'+fieldId+'_1').val(values[0]);
$('#values_'+fieldId+'_2').val(values[1]);
assert_redirected_to :controller => 'issues', :action => 'index', :project_id => 'ecookbook', :set_filter => 1, :query_id => nil
assert_nil Query.find_by_id(1)
end
+
+ def test_backslash_should_be_escaped_in_filters
+ @request.session[:user_id] = 2
+ get :new, :subject => 'foo/bar'
+ assert_response :success
+ assert_template 'new'
+ assert_include 'addFilter("subject", "=", ["foo\/bar"]);', response.body
+ end
end
projects / redmine.git / commitdiff