Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Let HTML.escape only escape &<>"' #5012

Merged
merged 1 commit into from
Sep 21, 2017
Merged

Let HTML.escape only escape &<>"' #5012

merged 1 commit into from
Sep 21, 2017

Conversation

asterite
Copy link
Member

@asterite asterite commented Sep 20, 2017

Fixes #3233

According to OWSAP these are the only ones that should be escaped. Well, actually, they also recommend escaping /. However, Ruby, Python and Go just escape these, so I think it's pretty safe if we do the same thing.

About unescape: maybe more (all) named chars should be unescaped, but it's out of the scope of this PR.

This basically undoes #2175, which was a mistake.

@asterite
Copy link
Member Author

asterite commented Sep 20, 2017 via email

@akzhan
Copy link
Contributor

akzhan commented Sep 20, 2017

Yes, it's original idea just to rollback bad change :)

@RX14 RX14 added kind:bug A bug in the code. Does not apply to documentation, specs, etc. topic:stdlib labels Sep 21, 2017
@RX14 RX14 added this to the Next milestone Sep 21, 2017
@RX14 RX14 merged commit 8042d98 into crystal-lang:master Sep 21, 2017
@asterite asterite deleted the bug/3233-html-escape branch September 22, 2017 11:15
@jhass jhass mentioned this pull request Apr 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind:bug A bug in the code. Does not apply to documentation, specs, etc. topic:stdlib
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants