
Also move html_esacpe regex to a constant (see 9d25af6)

1 parent 2c564cd commit 0696547814057eaed3c13e70a6dc6b2b7bb3e1f9 @chancancode chancancode committed Dec 4, 2013
Showing with 2 additions and 1 deletion.
  1. +2 −1 activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -5,6 +5,7 @@ class ERB
module Util
HTML_ESCAPE = { '&' => '&amp;', '>' => '&gt;', '<' => '&lt;', '"' => '&quot;', "'" => '&#39;' }
JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003e', '<' => '\u003c', "\u2028" => '\u2028', "\u2029" => '\u2029' }
+ HTML_ESCAPE_REGEXP = /[&"'><]/
HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+));)/
JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u
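Review bot: The added `HTML_ESCAPE_REGEXP` and the existing `HTML_ESCAPE` table are now two separate constants that must stay in sync, and nothing on the added line says so. `gsub` with a hash replacement substitutes an empty string for any match that has no key in the hash, so a character added to the class but not to the table would be silently deleted by the `gsub` in `html_escape` (second hunk), and a key added only to the table would never be escaped. I would add a comment above the constant, e.g. `# Must match exactly the keys of HTML_ESCAPE; gsub drops any match that has no entry in the hash.` The `ERB::Util` module body continues outside the hunk.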
@@ -21,7 +22,7 @@ def html_escape(s)
if s.html_safe?
s
else
- s.gsub(/[&"'><]/, HTML_ESCAPE).html_safe
+ s.gsub(HTML_ESCAPE_REGEXP, HTML_ESCAPE).html_safe
end
end
