authorJean-Philippe Lang <jp_lang@yahoo.fr>2012-09-25 18:23:11 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2012-09-25 18:23:11 +0000
commit917a89fbf7cef339431c5d873bcbcbccea15ce1e (patch)
tree9b60af89fed04a33778b99978a89d6c500667f36 /app
parent18d1c62ca8a8de3ecc0b8731335a49195dafd192 (diff)
Fixed JSON escaping of filters (#11929).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@10465 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app')
-rw-r--r--app/helpers/application_helper.rb5
-rw-r--r--app/views/queries/_filters.html.erb10
2 files changed, 10 insertions, 5 deletions
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index dc65edabd..bcccfd29b 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1029,6 +1029,11 @@ module ApplicationHelper
content_tag(:a, name, {:href => '#', :onclick => "#{function}; return false;"}.merge(html_options))
end
+ # Helper to render JSON in views
+ def raw_json(arg)
+ arg.to_json.to_s.gsub('/', '\/').html_safe
+ end
+
def back_url
url = params[:back_url]
if url.nil? && referer = request.env['HTTP_REFERER']
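Review bot: `raw_json` marks its result `html_safe` after escaping only `/`, so the output is safe only inside a `<script>` element, and the comment `# Helper to render JSON in views` does not state that limit. If a later caller uses it in an HTML attribute or element body, the `"`, `<` and `&` in the JSON would be emitted without escaping. I would make the comment state the contract, e.g. `# Renders arg as JSON for use inside a <script> block only; "/" is escaped so that "</script>" in the data cannot close the block.` As further hardening, consider also emitting `<`, `>` and `&` as `\u003c`, `\u003e` and `\u0026`, so that sequences such as `<!--` in filter data cannot affect how the HTML parser reads the script. It is also worth checking whether the JSON encoder in use leaves U+2028/U+2029 raw, since older JavaScript engines reject them inside string literals.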
diff --git a/app/views/queries/_filters.html.erb b/app/views/queries/_filters.html.erb
index 80b06c10a..f9e371b7e 100644
--- a/app/views/queries/_filters.html.erb
+++ b/app/views/queries/_filters.html.erb
@@ -1,12 +1,12 @@
<%= javascript_tag do %>
-var operatorLabels = <%= raw Query.operators_labels.to_json %>;
-var operatorByType = <%= raw Query.operators_by_filter_type.to_json %>;
-var availableFilters = <%= raw query.available_filters_as_json.to_json %>;
-var labelDayPlural = "<%= raw escape_javascript(l(:label_day_plural)) %>";
+var operatorLabels = <%= raw_json Query.operators_labels %>;
+var operatorByType = <%= raw_json Query.operators_by_filter_type %>;
+var availableFilters = <%= raw_json query.available_filters_as_json %>;
+var labelDayPlural = <%= raw_json l(:label_day_plural) %>;
$(document).ready(function(){
initFilters();
<% query.filters.each do |field, options| %>
- addFilter("<%= field %>", <%= raw query.operator_for(field).to_json %>, <%= raw query.values_for(field).to_json %>);
+ addFilter("<%= field %>", <%= raw_json query.operator_for(field) %>, <%= raw_json query.values_for(field) %>);
<% end %>
});
<% end %>
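Review bot: The first argument of `addFilter` is still written as `"<%= field %>"`, which is HTML-escaped rather than JavaScript-escaped inside a script string literal, while every other value in this hunk now goes through `raw_json`. HTML entities are not decoded inside a script block, and a backslash or line break in `field` is not escaped at all, so a name containing such characters would corrupt or alter the statement. Whether `field` can carry user-supplied text is not visible here, but it is more consistent and safer to emit it the same way: `addFilter(<%= raw_json field %>, <%= raw_json query.operator_for(field) %>, <%= raw_json query.values_for(field) %>);`.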