Restore performance of ERB::Util.html_escape
Revert html_escape to do a single gsub again, but add the "n" flag (no language, i.e. not multi-byte) to protect against XSS via invalid utf8

Signed-off-by: José Valim <email@example.com>
Showing with 18 additions and 7 deletions.