Merge branch 'master' into moktins_master

Author: gazay

.travis.yml

@@ -0,0 +1,11 @@
+language: ruby
+rvm:
+  - 1.8.7
+  - 1.9.2
+  - 1.9.3
+  - jruby-18mode # JRuby in 1.8 mode
+  - jruby-19mode # JRuby in 1.9 mode
+  - rbx-18mode
+  - rbx-19mode
+# uncomment this line if your project needs to run something other than `rake`:
+# script: bundle exec rspec spec

README.md

@@ -3,6 +3,8 @@
 ![Gon. You should try this. If you look closer - you will see an elephant.](https://github.com/gazay/gon/raw/master/doc/logo_small.png)
 
 
+### Build Status ![http://travis-ci.org/gazay/gon](https://secure.travis-ci.org/gazay/gon.png)
+
 If you need to send some data to your js files and you don't want to do this with long way through views and parsing - use this force!
 
 Now with [Jbuilder](https://github.com/rails/jbuilder) and [Rabl](https://github.com/nesquena/rabl) support!
@@ -24,7 +26,7 @@ you might be doing something like this:
   3. Then there can be two ways in js:
     + if you previously wrote data in data
      attributes - you should parse this attributes and write data to some
-  js variable. 
+  js variable.
     + if you wrote js right in view (many frontenders would shame you for
   that) - you just use data from this js - OK.
   4. You can use your data in your js
@@ -285,13 +287,13 @@ wouldn't work. You can read about this in common usage above.
 Puts this line into `Gemfile` then run `$ bundle`:
 
 ``` ruby
-gem 'gon', '2.1.0'
+gem 'gon', '2.1.2'
 ```
 
 Or if you are old-school Rails 2 developer put this into `config/environment.rb` and run `$ rake gems:install`:
 
 ``` ruby
-config.gem 'gon', :version => '2.1.0'
+config.gem 'gon', :version => '2.1.2'
 ```
 
 Or manually install gon gem: `$ gem install gon`

Rakefile

@@ -1,4 +1,9 @@
 require 'rubygems'
 require 'rake'
 require 'bundler'
-Bundler::GemHelper.install_tasks
+Bundler::GemHelper.install_tasks
+
+desc 'Run all tests by default'
+task :default do
+  system("rspec spec")
+end

gon.gemspec

@@ -23,4 +23,5 @@ Gem::Specification.new do |s|
   s.add_development_dependency "rabl"
   s.add_development_dependency "rspec"
   s.add_development_dependency "jbuilder"
+  s.add_development_dependency "rake"
 end

lib/gon.rb

@@ -5,6 +5,7 @@
 require 'action_view'
 require 'action_controller'
 require 'gon/helpers'
+require 'gon/escaper'
 if defined?(Rabl)
   require 'gon/rabl'
 end
@@ -16,16 +17,16 @@ module Gon
   class << self
 
     def all_variables
-      @request_env[:gon]
+      @request_env['gon']
     end
 
     def clear
-      @request_env[:gon] = {}
+      @request_env['gon'] = {}
     end
 
     def request_env=(environment)
       @request_env = environment
-      @request_env[:gon] ||= {}
+      @request_env['gon'] ||= {}
     end
 
     def request_env
@@ -54,11 +55,11 @@ def method_missing(m, *args, &block)
     end
 
     def get_variable(name)
-      @request_env[:gon][name]
+      @request_env['gon'][name]
     end
 
     def set_variable(name, value)
-      @request_env[:gon][name] = value
+      @request_env['gon'][name] = value
     end
 
     %w(rabl jbuilder).each do |builder_name|

lib/gon/escaper.rb

@@ -0,0 +1,20 @@
+module Gon
+  module Escaper
+    class << self
+
+      GON_JS_ESCAPE_MAP = {
+        '</'    => '<\/'
+      }
+
+      def escape(javascript)
+        if javascript
+          result = javascript.gsub(/(<\/)/u) {|match| GON_JS_ESCAPE_MAP[match] }
+          javascript.html_safe? ? result.html_safe : result
+        else
+          ''
+        end
+      end
+
+    end
+  end
+end

lib/gon/helpers.rb

@@ -6,11 +6,13 @@ def self.included base
     end
 
     module InstanceMethods
+
       def include_gon(options = {})
-        if Gon.request_env && Gon.all_variables.present?
+        if Gon.request_env && Gon.all_variables.present? && Gon.request == request.object_id
           data = Gon.all_variables
           namespace = options[:namespace] || 'gon'
-          script = '<script>window.' + namespace + ' = {};'
+          start = '<script>window.' + namespace + ' = {};'
+          script = ''
           if options[:camel_case]
             data.each do |key, val|
               script << namespace + '.' + key.to_s.camelize(:lower) + '=' + val.to_json + ';'
@@ -20,31 +22,35 @@ def include_gon(options = {})
               script << namespace + '.' + key.to_s + '=' + val.to_json + ';'
             end
           end
-          script << '</script>'
+          script = start + Gon::Escaper.escape(script) + '</script>'
           script.html_safe
         else
           ""
         end
       end
+
     end
   end
 
   module GonHelpers
+
     def self.included base
       base.send(:include, InstanceMethods)
     end
 
     module InstanceMethods
+
       def gon
         if !Gon.request_env || Gon.request != request.object_id
           Gon.request = request.object_id
           Gon.request_env = request.env
         end
         Gon
       end
+
     end
-  end
 
+  end
 end
 
 ActionView::Base.send :include, Gon::Helpers

lib/gon/version.rb

@@ -1,3 +1,3 @@
 module Gon
-  VERSION = '2.1.0'
+  VERSION = '2.1.2'
 end

spec/gon/gon_spec.rb

@@ -26,19 +26,43 @@
     Gon.klass = Hash
   end
 
-  it 'output as js correct' do
-    Gon.clear
-    Gon.int = 1
-    ActionView::Base.instance_methods.map(&:to_s).include?('include_gon').should == true
-    base = ActionView::Base.new
-    base.include_gon.should == "<script>window.gon = {};" +
-                                 "gon.int=1;" +
-                               "</script>"
+  describe '#include_gon' do
+
+    before(:each) do
+      Gon.clear
+      Gon.instance_variable_set(:@request_id, request.object_id)
+      ActionView::Base.instance_methods.map(&:to_s).include?('include_gon').should == true
+      @base = ActionView::Base.new
+      @base.request = request
+    end
+
+    it 'outputs correct js with an integer' do
+      Gon.int = 1
+      @base.include_gon.should == '<script>window.gon = {};' +
+                                    'gon.int=1;' +
+                                  '</script>'
+    end
+
+    it 'outputs correct js with a string' do
+      Gon.str = %q(a'b"c)
+      @base.include_gon.should == '<script>window.gon = {};' +
+                                    %q(gon.str="a'b\"c";) +
+                                  '</script>'
+    end
+
+    it 'outputs correct js with a script string' do
+      Gon.str = %q(</script><script>alert('!')</script>)
+      @base.include_gon.should == '<script>window.gon = {};' +
+                                    %q(gon.str="<\\/script><script>alert('!')<\\/script>";) +
+                                  '</script>'
+    end
+
   end
 
   it 'returns exception if try to set public method as variable' do
     Gon.clear
     lambda { Gon.all_variables = 123 }.should raise_error
+    lambda { Gon.rabl = 123 }.should raise_error
   end
 
   describe '.rabl' do