<script language="JavaScript">
<!--
function _AN_global_var_init(){
	_AN_this_url = "/prx/000/";
	_AN_base_scheme = "https";
	_AN_base_host = "https://patch-diff.githubusercontent.com";
	_AN_base_path = "https://patch-diff.githubusercontent.com/raw/rails/jquery-ujs/pull/";
	_AN_encode_urls = 0;
	_AN_mpo = 1;
	_AN_md = 0;
	_AN_rel_urls = 1;
	_AN_nav_switch = 0;
	_AN_nav_allowurl = 1;
	_AN_nav_override = 0;
	_AN_has_iframe = 0;
	_AN_dbg_flags = null;
	_AN_nav_use_aaa = 1;
	_AN_expires_pass = 0;
	_AN_wrap_evthandlers = 0;
	_AN_rewrite_param_exact = 0;
	_AN_obj_params = {};
} 
_AN_global_var_init();
//-->
</script>
<script language="JavaScript" src="/prx/001/http/localh/an_util.js"></script>
<script language="JavaScript" src="/prx/001/http/localh/NSLib.js"></script>

From 47bec4b9b4be864300e67897fa32bdc8340d36be Mon Sep 17 00:00:00 2001
From: ooooooo-q <ooooooo-q@users.noreply.github.com>
Date: Tue, 11 Feb 2020 14:57:04 +0900
Subject: [PATCH] escape href

---
 src/rails.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/rails.js b/src/rails.js
index 93620134..970c81ff 100644
--- a/src/rails.js
+++ b/src/rails.js
@@ -218,9 +218,11 @@
         target = link.attr('target'),
         csrfToken = rails.csrfToken(),
         csrfParam = rails.csrfParam(),
-        form = $('<form method="post" action="/prx/000/https/patch-diff.githubusercontent.com/raw/rails/jquery-ujs/pull/' + href + '"></form>'),
+        form = $('<form method="post"></form>'),
         metadataInput = '<input name="_method" value="' + method + '" type="hidden" />';
 
+      form.attr('action', href);
+
       if (csrfParam !== undefined && csrfToken !== undefined && !rails.isCrossDomain(href)) {
         metadataInput += '<input name="' + csrfParam + '" value="' + csrfToken + '" type="hidden" />';
       }
