diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb index 9cfff99b78..b877c1bae7 100644 --- a/lib/cgi/util.rb +++ b/lib/cgi/util.rb @@ -22,7 +22,6 @@ class CGI # The set of special characters and their escaped values TABLE_FOR_ESCAPE_HTML__ = { - "'" => ''', '&' => '&', '"' => '"', '<' => '<', @@ -33,7 +32,7 @@ class CGI # CGI::escapeHTML('Usage: foo "bar" ') # # => "Usage: foo "bar" <baz>" def CGI::escapeHTML(string) - string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__) + string.gsub(/[&\"<>]/, TABLE_FOR_ESCAPE_HTML__) end # Unescape a string that has been HTML-escaped @@ -42,9 +41,8 @@ class CGI def CGI::unescapeHTML(string) enc = string.encoding if [Encoding::UTF_16BE, Encoding::UTF_16LE, Encoding::UTF_32BE, Encoding::UTF_32LE].include?(enc) - return string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do + return string.gsub(Regexp.new('&(amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do case $1.encode("US-ASCII") - when 'apos' then "'".encode(enc) when 'amp' then '&'.encode(enc) when 'quot' then '"'.encode(enc) when 'gt' then '>'.encode(enc) @@ -55,10 +53,9 @@ class CGI end end asciicompat = Encoding.compatible?(string, "a") - string.gsub(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/) do + string.gsub(/&(amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/) do match = $1.dup case match - when 'apos' then "'" when 'amp' then '&' when 'quot' then '"' when 'gt' then '>' diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb index 5b43732476..a291d47f99 100644 --- a/test/cgi/test_cgi_util.rb +++ b/test/cgi/test_cgi_util.rb @@ -53,8 +53,4 @@ class CGIUtilTest < Test::Unit::TestCase assert_equal("\n\t\n\t\n\n",CGI::pretty("","\t")) end - def test_cgi_unescapeHTML - assert_equal(CGI::unescapeHTML("'&"><"),"'&\"><") - end - end