Commits

pjenvey  committed 27f35a1

[svn] o only hex encode alphanumeric email_address characters in mail_to
o Sync'd url helper to 6070
- fix button_to double escaping issue by using escape_once
- mail_to hex encode option now also encodes the mailto: portion of the href
attribute as well as the linked email when no name is given

  • Participants
  • Parent commits b225d70

Comments (0)

Files changed (2)

File tests/test_url.py

     def test_button_to_with_query(self):
         self.assertEqual("<form method=\"post\" action=\"http://www.example.com/q1=v1&amp;q2=v2\" class=\"button-to\"><div><input type=\"submit\" value=\"Hello\" /></div></form>", 
                button_to("Hello", "http://www.example.com/q1=v1&q2=v2"))
+
+    def test_button_to_with_escaped_query(self):
+        self.assertEqual("<form method=\"post\" action=\"http://www.example.com/q1=v1&amp;q2=v2\" class=\"button-to\"><div><input type=\"submit\" value=\"Hello\" /></div></form>",
+                         button_to("Hello", "http://www.example.com/q1=v1&amp;q2=v2"))
     
     def test_button_to_with_query_and_no_name(self):
         self.assertEqual("<form method=\"post\" action=\"http://www.example.com?q1=v1&amp;q2=v2\" class=\"button-to\"><div><input type=\"submit\" value=\"http://www.example.com?q1=v1&amp;q2=v2\" /></div></form>", 
                         mail_to('feedback@example.com', '<img src="/feedback.png" />'))
 
     def test_mail_to_with_hex(self):
-        self.assertEqual('<a href="mailto:%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d">My email</a>',
-                        mail_to("me@domain.com", "My email", encode = "hex"))
+        self.assertEqual("<a href=\"&#109;&#97;&#105;&#108;&#116;&#111;&#58;%6d%65@%64%6f%6d%61%69%6e.%63%6f%6d\">My email</a>",
+                         mail_to("me@domain.com", "My email", encode = "hex"))
+        self.assertEqual("<a href=\"&#109;&#97;&#105;&#108;&#116;&#111;&#58;%6d%65@%64%6f%6d%61%69%6e.%63%6f%6d\">&#109;&#101;&#64;&#100;&#111;&#109;&#97;&#105;&#110;&#46;&#99;&#111;&#109;</a>",
+                         mail_to("me@domain.com", None, encode = "hex"))
 
     def test_mail_to_with_replace_options(self):
         self.assertEqual('<a href="mailto:wolfgang@stufenlos.net">wolfgang(at)stufenlos(dot)net</a>',
                         mail_to("wolfgang@stufenlos.net", None, replace_at="(at)", replace_dot="(dot)"))
-        self.assertEqual('<a href="mailto:%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d">me(at)domain.com</a>',
-                        mail_to("me@domain.com", None, encode="hex", replace_at="(at)"))
-        self.assertEqual('<a href="mailto:%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d">My email</a>',
-                        mail_to("me@domain.com", "My email", encode="hex", replace_at="(at)"))
-        self.assertEqual('<a href="mailto:%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d">me(at)domain(dot)com</a>', mail_to("me@domain.com", None, encode="hex", replace_at="(at)", replace_dot="(dot)"))
+        self.assertEqual("<a href=\"&#109;&#97;&#105;&#108;&#116;&#111;&#58;%6d%65@%64%6f%6d%61%69%6e.%63%6f%6d\">&#109;&#101;&#40;&#97;&#116;&#41;&#100;&#111;&#109;&#97;&#105;&#110;&#46;&#99;&#111;&#109;</a>",
+                         mail_to("me@domain.com", None, encode = "hex", replace_at = "(at)"))
+        self.assertEqual("<a href=\"&#109;&#97;&#105;&#108;&#116;&#111;&#58;%6d%65@%64%6f%6d%61%69%6e.%63%6f%6d\">My email</a>",
+                         mail_to("me@domain.com", "My email", encode = "hex", replace_at = "(at)"))
+        self.assertEqual("<a href=\"&#109;&#97;&#105;&#108;&#116;&#111;&#58;%6d%65@%64%6f%6d%61%69%6e.%63%6f%6d\">&#109;&#101;&#40;&#97;&#116;&#41;&#100;&#111;&#109;&#97;&#105;&#110;&#40;&#100;&#111;&#116;&#41;&#99;&#111;&#109;</a>",
+                         mail_to("me@domain.com", None, encode = "hex", replace_at = "(at)", replace_dot = "(dot)"))
         self.assertEqual("<script type=\"text/javascript\">\n//<![CDATA[\neval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%6d%65%40%64%6f%6d%61%69%6e%2e%63%6f%6d%22%3e%4d%79%20%65%6d%61%69%6c%3c%2f%61%3e%27%29%3b'))\n//]]>\n</script>",
-                        mail_to("me@domain.com", "My email", encode="javascript", replace_at="(at)", replace_dot="(dot)"))
+                         mail_to("me@domain.com", "My email", encode = "javascript", replace_at = "(at)", replace_dot = "(dot)"))
 
 if __name__ == '__main__':
     suite = [unittest.makeSuite(TestURLHelper)]

File webhelpers/rails/urls.py

 # Last synced with Rails copy at Revision 4914 on Sep 4th, 2006.
 
 import cgi
+import re
 import urllib
 
+from routes import url_for, request_config
+
+import tags
+from javascript import *
 from webhelpers.util import html_escape
 
-from routes import url_for, request_config
-from javascript import *
-import tags
-
 def get_url(url):
     if callable(url):
         return url()
     
     if callable(url):
         ur = url()
-        url, name = ur, name or html_escape(ur)
+        url, name = ur, name or tags.escape_once(ur)
     else:
         url, name = url, name or url
     
     html_options.update(dict(type='submit', value=name))
     
     return """<form method="%s" action="%s" class="button-to"><div>""" % \
-        (form_method, html_escape(url)) + method_tag + tags.tag("input", **html_options) + "</div></form>"
+        (form_method, tags.escape_once(url)) + method_tag + \
+        tags.tag("input", **html_options) + "</div></form>"
 
 def link_to_unless_current(name, url, **html_options):
     """
         if option:
             extras[key] = option
     options_query = urllib.urlencode(extras).replace("+", "%20")
+    protocol = 'mailto:'
 
     email_address_obfuscated = email_address
     if replace_at:
     if replace_dot:
         email_address_obfuscated = email_address_obfuscated.replace('.', replace_dot)
 
-    if encode=='hex':
-        email_address = ''.join(['%%%x' % ord(x) for x in email_address])
+    if encode == 'hex':
+        email_address_obfuscated = ''.join(['&#%d;' % ord(x) for x in email_address_obfuscated])
+        protocol = ''.join(['&#%d;' % ord(x) for x in protocol])
 
-    url = 'mailto:' + email_address
+        word_re = re.compile('\w')
+        encoded_parts = []
+        for x in email_address:
+            if word_re.match(x):
+                encoded_parts.append('%%%x' % ord(x))
+            else:
+                encoded_parts.append(x)
+        email_address = ''.join(encoded_parts)
+
+    url = protocol + email_address
     if options_query:
         url += '?' + options_query
     html_options['href'] = url
 
     tag = tags.content_tag('a', name or email_address_obfuscated, **html_options)
 
-    if encode =='javascript':
+    if encode == 'javascript':
         tmp = "document.write('%s');" % tag
         string = ''.join(['%%%x' % ord(x) for x in tmp])
         return javascript_tag("eval(unescape('%s'))" % string)