From 6ca74255f86402b7d46142319fb11a8b7f54cff8 Mon Sep 17 00:00:00 2001 From: Victor Costa Date: Tue, 28 Jan 2014 10:07:44 -0300 Subject: [PATCH] rails3: fix json escape for profile views --- app/views/profile/_comment.html.erb | 2 +- app/views/profile/_create_article.html.erb | 2 +- app/views/profile/_default_activity.html.erb | 2 +- app/views/profile/_leave_scrap.html.erb | 2 +- app/views/profile/_profile_scrap.html.erb | 2 +- app/views/profile/_profile_scraps.html.erb | 2 +- app/views/profile/_upload_image.html.erb | 2 +- app/views/profile/report_abuse.html.erb | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/app/views/profile/_comment.html.erb b/app/views/profile/_comment.html.erb index 3bd3a71..cb0afee 100644 --- a/app/views/profile/_comment.html.erb +++ b/app/views/profile/_comment.html.erb @@ -46,7 +46,7 @@ <% if logged_in? && (user == profile || user == comment.author || user.has_permission?(:moderate_comments, profile)) %> <% button_bar(:style => 'float: right; margin-top: 0px;') do %> - <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.article-comment'", url_for(:profile => params[:profile], :action => :remove_comment, :comment_id => comment.id, :view => params[:view]).to_json, _('Are you sure you want to remove this comment and all its replies?').to_json], :class => 'button icon-button icon-delete') %> + <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.article-comment'", j(url_for(:profile => params[:profile], :action => :remove_comment, :comment_id => comment.id, :view => params[:view]).to_json), _('Are you sure you want to remove this comment and all its replies?').to_json], :class => 'button icon-button icon-delete') %> <% end %> <% end %>
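Review bot: On the new `link_to_function` line the URL goes through two JavaScript encoders, `j(url_for(...).to_json)`, and they are not meant to be stacked. `to_json` already yields a complete quoted literal, while `escape_javascript` is written for text placed between quotes that the template itself supplies, so it would be expected to backslash-escape the literal's own delimiting quotes and any backslashes inside it. Because `params[:view]` is request data that ends up inside an inline handler, I would keep exactly one encoder: either `url_for(...).to_json` alone, or a format string that carries the quotes (`remove_item_wall(this, %s, "%s", %s)`) with `j(url_for(...))` as the argument. The same pattern is repeated in the `_create_article`, `_default_activity`, `_leave_scrap`, `_profile_scrap`, `_profile_scraps` and `_upload_image` hunks. A view test that renders these partials with a `view` value containing a quote and an ampersand would confirm that the handler stays a single well-formed call.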
diff --git a/app/views/profile/_create_article.html.erb b/app/views/profile/_create_article.html.erb index 5e06034..00e05c6 100644 --- a/app/views/profile/_create_article.html.erb +++ b/app/views/profile/_create_article.html.erb @@ -15,7 +15,7 @@

<%= time_ago_as_sentence(activity.created_at) %>

<%= link_to s_('profile|Comment'), '#', { :class => 'focus-on-comment'} %> - <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :only_hide => true, :view => params[:view]).to_json, _('Are you sure you want to remove this activity and all its replies?').to_json]) if logged_in? && current_person == @profile %> + <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", j(url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :only_hide => true, :view => params[:view]).to_json), _('Are you sure you want to remove this activity and all its replies?').to_json]) if logged_in? && current_person == @profile %>
diff --git a/app/views/profile/_default_activity.html.erb b/app/views/profile/_default_activity.html.erb index 9f1be9c..fb2e133 100644 --- a/app/views/profile/_default_activity.html.erb +++ b/app/views/profile/_default_activity.html.erb @@ -6,7 +6,7 @@

<%= time_ago_as_sentence(activity.created_at) %>

<%= link_to s_('profile|Comment'), '#', { :class => 'focus-on-comment'} %> - <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :view => params[:view]).to_json, _('Are you sure you want to remove this activity and all its replies?').to_json]) if logged_in? && current_person == @profile %> + <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", j(url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :view => params[:view]).to_json), j(_('Are you sure you want to remove this activity and all its replies?').to_json)]) if logged_in? && current_person == @profile %>
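Review bot: This is the only partial in the commit where the confirmation message is also wrapped, `j(_('Are you sure you want to remove this activity and all its replies?').to_json)`; the other six hunks leave the message as plain `.to_json`. Translated strings can contain apostrophes or quotes, so the message needs the same encoding everywhere, otherwise one locale may render a different handler in this partial than in its siblings. I would drop the extra `j(...)` here so the third argument reads `_('Are you sure you want to remove this activity and all its replies?').to_json`, matching the other files.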
diff --git a/app/views/profile/_leave_scrap.html.erb b/app/views/profile/_leave_scrap.html.erb index 03aaec3..4e6a365 100644 --- a/app/views/profile/_leave_scrap.html.erb +++ b/app/views/profile/_leave_scrap.html.erb @@ -5,7 +5,7 @@

<%= link_to activity.user.name, activity.user.url %> <%= describe activity %>

<%= time_ago_as_sentence(activity.created_at) %>

- <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :view => params[:view]).to_json, _('Are you sure you want to remove this activity and all its replies?').to_json]) if logged_in? && current_person == @profile %> + <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", j(url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :view => params[:view]).to_json), _('Are you sure you want to remove this activity and all its replies?').to_json]) if logged_in? && current_person == @profile %>
diff --git a/app/views/profile/_profile_scrap.html.erb b/app/views/profile/_profile_scrap.html.erb index ef6231c..f26d0c2 100644 --- a/app/views/profile/_profile_scrap.html.erb +++ b/app/views/profile/_profile_scrap.html.erb @@ -12,7 +12,7 @@ <%= link_to_function s_('profile|Comment'), "hide_and_show(['#profile-wall-message-response-#{scrap.id}'],['#profile-wall-reply-#{scrap.id}', '#profile-wall-reply-form-#{scrap.id}']);$('reply_content_#{scrap.id}').value='';$('reply_content_#{scrap.id}').focus();return false", :class => "profile-send-reply" %> <% end %> - <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_scrap, :scrap_id => scrap.id, :view => params[:view]).to_json, _('Are you sure you want to remove this scrap and all its replies?').to_json]) if logged_in? && user.can_control_scrap?(scrap) %> + <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", j(url_for(:profile => params[:profile], :action => :remove_scrap, :scrap_id => scrap.id, :view => params[:view]).to_json), _('Are you sure you want to remove this scrap and all its replies?').to_json]) if logged_in? && user.can_control_scrap?(scrap) %> diff --git a/app/views/profile/_profile_scraps.html.erb b/app/views/profile/_profile_scraps.html.erb index aab0f70..88b094c 100644 --- a/app/views/profile/_profile_scraps.html.erb +++ b/app/views/profile/_profile_scraps.html.erb 
@@ -12,7 +12,7 @@ <%= link_to_function s_('profile|Comment'), "hide_and_show(['#profile-wall-message-response-#{scrap.id}'],['#profile-wall-reply-#{scrap.id}', '#profile-wall-reply-form-#{scrap.id}']);$('reply_content_#{scrap.id}').value='';$('reply_content_#{scrap.id}').focus();return false", :class => "profile-send-reply" %> <% end %> - <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_scrap, :scrap_id => scrap.id, :view => params[:view]).to_json, _('Are you sure you want to remove this scrap and all its replies?').to_json]) if logged_in? && user.can_control_scrap?(scrap) %> + <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", j(url_for(:profile => params[:profile], :action => :remove_scrap, :scrap_id => scrap.id, :view => params[:view]).to_json), _('Are you sure you want to remove this scrap and all its replies?').to_json]) if logged_in? && user.can_control_scrap?(scrap) %> diff --git a/app/views/profile/_upload_image.html.erb b/app/views/profile/_upload_image.html.erb index ab2e901..e17ed18 100644 --- a/app/views/profile/_upload_image.html.erb +++ b/app/views/profile/_upload_image.html.erb @@ -6,7 +6,7 @@

<%= link_to activity.user.name, activity.user.url %> <%= describe activity %>

<%= time_ago_as_sentence(activity.created_at) %>

- <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :view => params[:view]).to_json, _('Are you sure you want to remove this activity and all its replies?').to_json]) if logged_in? && current_person == @profile %> + <%= link_to_function(_('Remove'), 'remove_item_wall(this, %s, %s, %s); return false ;' % ["'.profile-activity-item'", j(url_for(:profile => params[:profile], :action => :remove_activity, :activity_id => activity.id, :view => params[:view]).to_json), _('Are you sure you want to remove this activity and all its replies?').to_json]) if logged_in? && current_person == @profile %>
diff --git a/app/views/profile/report_abuse.html.erb b/app/views/profile/report_abuse.html.erb index 29a58e9..24f1694 100644 --- a/app/views/profile/report_abuse.html.erb +++ b/app/views/profile/report_abuse.html.erb @@ -24,7 +24,7 @@ $('#report-abuse-submit-button').css('cursor', 'progress'); $.ajax({ type: 'POST', - url: <%= url_for({:controller => 'profile', :action => 'register_report', :profile => profile.identifier}).to_json %>, + url: <%= j(url_for({:controller => 'profile', :action => 'register_report', :profile => profile.identifier}).to_json) %>, data: $(form).serialize(), dataType: 'json', success: function(data, status, ajax){ -- libgit2 0.21.2
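Review bot: The `url:` value is written with `<%= %>` into what looks like a script body rather than an HTML attribute (the enclosing block starts outside the hunk), so the encoding needs differ from the `link_to_function` partials. As far as I can tell `j` does not mark a plain `to_json` string as HTML-safe, so ERB's HTML escaping would still rewrite the literal's quotes, in addition to the backslashes `j` adds. If this is indeed inside `<script>`, I would let the template own the quotes and escape only the content, `url: "<%= j url_for({:controller => 'profile', :action => 'register_report', :profile => profile.identifier}) %>",`, and check the rendered page source to confirm the value is one valid string literal.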