
Correctly encode confirm handlers

With the `escape` option set to false, the onclick handler is now passed
through h() regardless, making links and postLinks work again.
Alexander Hofbauer 12 年之前
当前提交
80e589f19d

+ 13 - 0
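--- a/lib/Cake/Test/Case/View/Helper/FormHelperTest.php
+++ b/lib/Cake/Test/Case/View/Helper/FormHelperTest.php
@@ -7050,6 +7050,19 @@ class FormHelperTest extends CakeTestCase {
 			'/a'
 		));
 
+		$result = $this->Form->postLink('Delete', '/posts/delete/1', array('escape' => false), '\'Confirm\' this "deletion"?');
+		$this->assertTags($result, array(
+			'form' => array(
+				'method' => 'post', 'action' => '/posts/delete/1',
+				'name' => 'preg:/post_\w+/', 'id' => 'preg:/post_\w+/', 'style' => 'display:none;'
+			),
+			'input' => array('type' => 'hidden', 'name' => '_method', 'value' => 'POST'),
+			'/form',
+			'a' => array('href' => '#', 'onclick' => 'preg:/if \(confirm\("'Confirm' this \\\\"deletion\\\\"\?"\)\) \{ document\.post_\w+\.submit\(\); \} event\.returnValue = false; return false;/'),
+			'Delete',
+			'/a'
+		));
+
 		$result = $this->Form->postLink('Delete', '/posts/delete', array('data' => array('id' => 1)));
 		$this->assertContains('<input type="hidden" name="data[id]" value="1"/>', $result);
 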
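Review bot: The added `postLink()` case only uses single and double quotes in the confirm message, so nothing pins how `<`, `>` or `&` in the message are encoded inside the `onclick` attribute when `'escape' => false`. A second assertion with a message such as `'Remove <b>this</b> & that?'` would lock in that the whole handler goes through `h()` and that no markup from the message reaches the page unencoded. The new `link()` case in HtmlHelperTest.php has the same gap. The test method starts and ends outside this hunk.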

+ 8 - 0
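--- a/lib/Cake/Test/Case/View/Helper/HtmlHelperTest.php
+++ b/lib/Cake/Test/Case/View/Helper/HtmlHelperTest.php
@@ -221,6 +221,14 @@ class HtmlHelperTest extends CakeTestCase {
 		);
 		$this->assertTags($result, $expected);
 
+		$result = $this->Html->link('Home', '/home', array('escape' => false, 'confirm' => 'Confirm\'s "nightmares"'));
+		$expected = array(
+			'a' => array('href' => '/home', 'onclick' => 'if (confirm(&quot;Confirm&#039;s \&quot;nightmares\&quot;&quot;)) { return true; } return false;'),
+			'Home',
+			'/a'
+		);
+		$this->assertTags($result, $expected);
+
 		$result = $this->Html->link('Home', '/home', array('default' => false));
 		$expected = array(
 			'a' => array('href' => '/home', 'onclick' => 'event.returnValue = false; return false;'),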

+ 7 - 2
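--- a/lib/Cake/View/Helper.php
+++ b/lib/Cake/View/Helper.php
@@ -505,11 +505,16 @@ class Helper extends Object {
  * @param string $message Message to be displayed
  * @param string $okCode Code to be executed after user chose 'OK'
  * @param string $cancelCode Code to be executed after user chose 'Cancel'
+ * @param array $options Array of options
  * @return string onclick JS code
  */
-	protected function _confirm($message, $okCode, $cancelCode = '') {
+	protected function _confirm($message, $okCode, $cancelCode = '', $options = array()) {
 		$message = json_encode($message);
-		return "if (confirm({$message})) { {$okCode} } {$cancelCode}";
+		$confirm = "if (confirm({$message})) { {$okCode} } {$cancelCode}";
+		if (isset($options['escape']) && $options['escape'] === false) {
+			$confirm = h($confirm);
+		}
+		return $confirm;
 	}
 
 /**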
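Review bot: The new guard in `_confirm()` tests `$options['escape'] === false`, so a caller passing a falsy non-boolean (`'escape' => 0` or `null`) skips `h()` here; if the attribute formatter outside this hunk reads `escape` loosely, the handler would then be emitted with the raw double quotes from `json_encode()` and close the `onclick` attribute early. Consider `if (array_key_exists('escape', $options) && !$options['escape']) {` once you have confirmed how the formatter reads the option, so that both places agree on when encoding is skipped. The condition also looks inverted to a first-time reader, so a comment such as `// escape=false: the attribute formatter will not encode onclick, so encode it here` would help, and the `@param array $options` line could name the one key that is read (`escape`).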

+ 1 - 1
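--- a/lib/Cake/View/Helper/FormHelper.php
+++ b/lib/Cake/View/Helper/FormHelper.php
@@ -1784,7 +1784,7 @@ class FormHelper extends AppHelper {
 		$url = '#';
 		$onClick = 'document.' . $formName . '.submit();';
 		if ($confirmMessage) {
-			$options['onclick'] = $this->_confirm($confirmMessage, $onClick);
+			$options['onclick'] = $this->_confirm($confirmMessage, $onClick, '', $options);
 		} else {
 			$options['onclick'] = $onClick . ' ';
 		}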

+ 1 - 1
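--- a/lib/Cake/View/Helper/HtmlHelper.php
+++ b/lib/Cake/View/Helper/HtmlHelper.php
@@ -359,7 +359,7 @@ class HtmlHelper extends AppHelper {
 			unset($options['confirm']);
 		}
 		if ($confirmMessage) {
-			$options['onclick'] = $this->_confirm($confirmMessage, 'return true;', 'return false;');
+			$options['onclick'] = $this->_confirm($confirmMessage, 'return true;', 'return false;', $options);
 		} elseif (isset($options['default']) && !$options['default']) {
 			if (isset($options['onclick'])) {
 				$options['onclick'] .= ' ';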