Escape ' in Haml::Helpers#escape_once too

like Haml::Helpers#html_escape.
haml · Feb 8, 2017 · e1dbf81 · e1dbf81
1 parent 34d9ff1
commit e1dbf81
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/haml/helpers.rb b/lib/haml/helpers.rb
@@ -612,7 +612,7 @@ def html_escape(text)
       text.gsub(HTML_ESCAPE_REGEX, HTML_ESCAPE)
     end
 
-    HTML_ESCAPE_ONCE_REGEX = /[\"><]|&(?!(?:[a-zA-Z]+|#(?:\d+|[xX][0-9a-fA-F]+));)/
+    HTML_ESCAPE_ONCE_REGEX = /['"><]|&(?!(?:[a-zA-Z]+|#(?:\d+|[xX][0-9a-fA-F]+));)/
 
     # Escapes HTML entities in `text`, but without escaping an ampersand
     # that is already part of an escaped entity.