
* lib/erb.rb (ERB::Util.html_escape): use CGI.escape to escape

single quotes. [ruby-core:47138] [Bug #6861]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36687 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shugo 2012-08-13 04:17:00 +00:00
parent a632108557
commit 4093598bf6
3 changed files with 18 additions and 1 deletions


@ -1,3 +1,8 @@
Mon Aug 13 13:13:19 2012 Shugo Maeda <shugo@ruby-lang.org>
* lib/erb.rb (ERB::Util.html_escape): use CGI.escape to escape
single quotes. [ruby-core:47138] [Bug #6861]
Sun Aug 12 11:57:20 2012 Kazuki Tsujimoto <kazuki@callcc.net>
* vm.c (invoke_block_from_c): fix unintentional block passing.


@ -10,6 +10,8 @@
#
# You can redistribute it and/or modify it under the same terms as Ruby.
require "cgi/util"
#
# = ERB -- Ruby Templating
#
@ -909,7 +911,7 @@ class ERB
# is a &gt; 0 &amp; a &lt; 10?
#
def html_escape(s)
s.to_s.gsub(/&/, "&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
CGI.escapeHTML(s)
end
alias h html_escape
module_function :h
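Review bot: The new body `CGI.escapeHTML(s)` drops the `s.to_s` coercion that the replaced `gsub` chain performed, so `html_escape` may now raise for non-String arguments (nil, Integer, Symbol) that templates routinely pass to `h`. Whether it actually raises depends on how `CGI.escapeHTML` handles non-strings, which is not visible on this page. Keeping the conversion preserves the old contract while still gaining the single-quote escaping: `CGI.escapeHTML(s.to_s)`. An escaping helper that fails on some inputs invites callers to bypass it, so it is worth keeping it total over every value a template can interpolate.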


@ -37,6 +37,16 @@ class TestERB < Test::Unit::TestCase
}
assert_match(/\Atest filename:1\b/, e.backtrace[0])
end
def test_html_escape
# TODO: &apos; should be chaged to &#x27;
assert_equal(" !&quot;\#$%&amp;&apos;()*+,-./0123456789:;&lt;=&gt;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~",
ERB::Util.html_escape(" !\"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"))
assert_equal("", ERB::Util.html_escape(""))
assert_equal("abc", ERB::Util.html_escape("abc"))
assert_equal("&lt;&lt;", ERB::Util.html_escape("<<"))
end
end
class TestERBCore < Test::Unit::TestCase
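Review bot: Every call in `test_html_escape` passes a String, so the test does not pin the behaviour for non-String arguments, which the previous implementation accepted through `to_s`. Adding `assert_equal("1", ERB::Util.html_escape(1))` and `assert_equal("", ERB::Util.html_escape(nil))` would catch a regression in that contract. The TODO comment also has a typo (`chaged`) and would be more useful if it stated why the other entity form is preferred for the single quote.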