* lib/erb.rb (ERB::Util.html_escape): use CGI.escape to escape
single quotes. [ruby-core:47138] [Bug #6861] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36687 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
parent
a632108557
commit
4093598bf6
3 changed files with 18 additions and 1 deletions
|
@ -1,3 +1,8 @@
|
|||
Mon Aug 13 13:13:19 2012 Shugo Maeda <shugo@ruby-lang.org>
|
||||
|
||||
* lib/erb.rb (ERB::Util.html_escape): use CGI.escape to escape
|
||||
single quotes. [ruby-core:47138] [Bug #6861]
|
||||
|
||||
Sun Aug 12 11:57:20 2012 Kazuki Tsujimoto <kazuki@callcc.net>
|
||||
|
||||
* vm.c (invoke_block_from_c): fix unintentional block passing.
|
||||
|
|
|
@ -10,6 +10,8 @@
|
|||
#
|
||||
# You can redistribute it and/or modify it under the same terms as Ruby.
|
||||
|
||||
require "cgi/util"
|
||||
|
||||
#
|
||||
# = ERB -- Ruby Templating
|
||||
#
|
||||
|
@ -909,7 +911,7 @@ class ERB
|
|||
# is a > 0 & a < 10?
|
||||
#
|
||||
def html_escape(s)
|
||||
s.to_s.gsub(/&/, "&").gsub(/\"/, """).gsub(/>/, ">").gsub(/</, "<")
|
||||
CGI.escapeHTML(s)
|
||||
end
|
||||
alias h html_escape
|
||||
module_function :h
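Review bot: The new body of html_escape passes `s` to CGI.escapeHTML without the `to_s` that the replaced line applied, so callers that hand it nil, a number or a symbol now depend on CGI.escapeHTML accepting non-String arguments. That method is not part of this diff; if it calls String methods on its argument directly, `h(nil)` or `h(42)` in a template will raise where it used to render, and a likely workaround in templates is to drop the escape call for such values. Keeping the coercion preserves the old contract: `CGI.escapeHTML(s.to_s)`. Separately, the ChangeLog entry and commit message name CGI.escape, which is the URL-encoding method, while the code calls CGI.escapeHTML; the entry should name the method actually used.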
|
||||
|
|
|
@ -37,6 +37,16 @@ class TestERB < Test::Unit::TestCase
|
|||
}
|
||||
assert_match(/\Atest filename:1\b/, e.backtrace[0])
|
||||
end
|
||||
|
||||
def test_html_escape
|
||||
# TODO: ' should be chaged to '
|
||||
assert_equal(" !"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~",
|
||||
ERB::Util.html_escape(" !\"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"))
|
||||
|
||||
assert_equal("", ERB::Util.html_escape(""))
|
||||
assert_equal("abc", ERB::Util.html_escape("abc"))
|
||||
assert_equal("<<", ERB::Util.html_escape("<<"))
|
||||
end
|
||||
end
|
||||
|
||||
class TestERBCore < Test::Unit::TestCase
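Review bot: test_html_escape only passes String arguments, so it does not cover the non-String inputs that the previous `s.to_s.gsub` implementation accepted. Adding `assert_equal("", ERB::Util.html_escape(nil))` and `assert_equal("123", ERB::Util.html_escape(123))` would pin that contract for an escaping helper that templates call on arbitrary values. The TODO comment above the first assertion also misspells "changed" as `chaged` and does not say which ticket tracks the planned change to the single-quote entity.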
|
||||
|
|