From 5a90b6d0b52cbe419ba2f6d3f7f693beecd4d5d0 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Fri, 31 May 2013 20:47:38 +0000
Subject: [PATCH] Fixed that project name is not properly escaped in issue filters (#14186).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11915 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/views/queries/_filters.html.erb | 2 +-
 test/unit/helpers/application_helper_test.rb | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/app/views/queries/_filters.html.erb b/app/views/queries/_filters.html.erb
index 795f8075f..ba5d2dbae 100644
--- a/app/views/queries/_filters.html.erb
+++ b/app/views/queries/_filters.html.erb
@@ -3,7 +3,7 @@ var operatorLabels = <%= raw_json Query.operators_labels %>;
 var operatorByType = <%= raw_json Query.operators_by_filter_type %>;
 var availableFilters = <%= raw_json query.available_filters_as_json %>;
 var labelDayPlural = <%= raw_json l(:label_day_plural) %>;
-var allProjects = <%= raw query.all_projects_values.to_json %>;
+var allProjects = <%= raw_json query.all_projects_values %>;
 $(document).ready(function(){
 initFilters();
 <% query.filters.each do |field, options| %>
diff --git a/test/unit/helpers/application_helper_test.rb b/test/unit/helpers/application_helper_test.rb
index d4b030d0a..18d0372c3 100644
--- a/test/unit/helpers/application_helper_test.rb
+++ b/test/unit/helpers/application_helper_test.rb
@@ -1219,4 +1219,14 @@ RAW
 def test_javascript_include_tag_for_plugin_should_pick_the_plugin_javascript
 assert_match 'src="/plugin_assets/foo/javascripts/scripts.js"', javascript_include_tag("scripts", :plugin => :foo)
 end
+
+ def test_raw_json_should_escape_closing_tags
+ s = raw_json(["bar"])
+ assert_equal '["bar<\/foo>"]', s
+ end
+
+ def test_raw_json_should_be_html_safe
+ s = raw_json(["foo"])
+ assert s.html_safe?
+ end
 end
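Review bot: Nothing in `_filters.html.erb` records why every value in this inline script must go through `raw_json`, which is presumably how the single `raw ... .to_json` on the `allProjects` line went unnoticed next to four correct neighbours. An ERB comment above the `var` block would make the rule visible, e.g. `<%# Values embedded in this inline script must use raw_json; project names are user-supplied and plain to_json output is not safe inside a script element. %>`. `raw_json` itself is defined outside this diff; the added unit test shows it escaping `</` as `<\/`, and whether it covers anything beyond that cannot be confirmed from these lines. The script block opens and closes outside the hunk.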
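Review bot: Both added tests exercise `raw_json` in isolation, so nothing pins the actual regression in the view: if the `allProjects` line in `_filters.html.erb` were switched back to `raw ... .to_json`, this suite would still pass. A functional test that renders the issue filters with a project whose name contains a closing tag, and asserts the response body carries it only in the escaped `<\/` form, would cover the fix itself. As shown on this page the input literal `["bar"]` does not match the expected `'["bar<\/foo>"]'`; that looks like markup lost in extraction rather than an error in the test, but it is worth checking against the repository. The test class starts outside the hunk.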