From e0cbfe24a5d1ac9d87c80f1a4a2c379613190411 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Tue, 27 Oct 2009 00:59:38 +0000 Subject: [PATCH] Escape non-ascii characters in exported HTML. Closes #2075. --- app/helpers/application_helper.rb | 8 ++++++++ app/views/export/start.rjs | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index bee4f9ce2..ab0ba82a8 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -3,6 +3,14 @@ module ApplicationHelper return sanitize(auto_link(simple_format(text), :urls)) end + def html_escape_unicode(text) + chars = ActiveSupport::Multibyte::Chars.u_unpack(text).map do |c| + c < 127 ? c.chr : "&##{c.to_s};" + end + + return chars.join("") + end + def rss_link_to(*args) return link_to(image_tag("RSS.gif", :size => "16x16", :border => 0), Hash[*args], { :class => "rsssmall" }); end diff --git a/app/views/export/start.rjs b/app/views/export/start.rjs index c146e236d..3c6722044 100644 --- a/app/views/export/start.rjs +++ b/app/views/export/start.rjs @@ -248,7 +248,7 @@ page << <'+"#{I18n.t('export.start_rjs.view_larger_map')}"+''; + html += '
'+"#{html_escape_unicode(I18n.t('export.start_rjs.view_larger_map'))}"+''; $("export_html_text").value = html; -- 2.39.5