Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

&#39 dates back to SGML when &#x27 was introduced in HTML 4.0

  • Loading branch information...
commit 6b2a24c3bd7ed75326dec50decf6018b3685f113 1 parent 5d264f2
@kalys kalys authored
View
2  actionpack/test/template/erb_util_test.rb
@@ -45,7 +45,7 @@ def test_rest_in_ascii
end
def test_html_escape_once
- assert_equal '1 &lt;&gt;&amp;&quot;&#x27; 2 &amp; 3', html_escape_once('1 <>&"\' 2 &amp; 3')
+ assert_equal '1 &lt;&gt;&amp;&quot;&#39; 2 &amp; 3', html_escape_once('1 <>&"\' 2 &amp; 3')
end
def test_html_escape_once_returns_unsafe_strings_when_passed_unsafe_strings
View
2  actionpack/test/template/form_options_helper_test.rb
@@ -1124,7 +1124,7 @@ def test_time_zone_select_with_default_time_zone_and_value
def test_options_for_select_with_element_attributes
assert_dom_equal(
- "<option value=\"&lt;Denmark&gt;\" class=\"bold\">&lt;Denmark&gt;</option>\n<option value=\"USA\" onclick=\"alert(&#x27;Hello World&#x27;);\">USA</option>\n<option value=\"Sweden\">Sweden</option>\n<option value=\"Germany\">Germany</option>",
+ "<option value=\"&lt;Denmark&gt;\" class=\"bold\">&lt;Denmark&gt;</option>\n<option value=\"USA\" onclick=\"alert(&#39;Hello World&#39;);\">USA</option>\n<option value=\"Sweden\">Sweden</option>\n<option value=\"Germany\">Germany</option>",
options_for_select([ [ "<Denmark>", { :class => 'bold' } ], [ "USA", { :onclick => "alert('Hello World');" } ], [ "Sweden" ], "Germany" ])
)
end
View
2  actionpack/test/template/form_tag_helper_test.rb
@@ -391,7 +391,7 @@ def test_stringify_symbol_keys
def test_submit_tag
assert_dom_equal(
- %(<input name='commit' data-disable-with="Saving..." onclick="alert(&#x27;hello!&#x27;)" type="submit" value="Save" />),
+ %(<input name='commit' data-disable-with="Saving..." onclick="alert(&#39;hello!&#39;)" type="submit" value="Save" />),
submit_tag("Save", :onclick => "alert('hello!')", :data => { :disable_with => "Saving..." })
)
end
View
10 actionpack/test/template/javascript_helper_test.rb
@@ -44,14 +44,14 @@ def test_escape_javascript_with_safebuffer
def test_button_to_function
assert_deprecated "button_to_function is deprecated and will be removed from Rails 4.1. Use Unobtrusive JavaScript instead." do
- assert_dom_equal %(<input type="button" onclick="alert(&#x27;Hello world!&#x27;);" value="Greeting" />),
+ assert_dom_equal %(<input type="button" onclick="alert(&#39;Hello world!&#39;);" value="Greeting" />),
button_to_function("Greeting", "alert('Hello world!')")
end
end
def test_button_to_function_with_onclick
assert_deprecated "button_to_function is deprecated and will be removed from Rails 4.1. Use Unobtrusive JavaScript instead." do
- assert_dom_equal "<input onclick=\"alert(&#x27;Goodbye World :(&#x27;); alert(&#x27;Hello world!&#x27;);\" type=\"button\" value=\"Greeting\" />",
+ assert_dom_equal "<input onclick=\"alert(&#39;Goodbye World :(&#39;); alert(&#39;Hello world!&#39;);\" type=\"button\" value=\"Greeting\" />",
button_to_function("Greeting", "alert('Hello world!')", :onclick => "alert('Goodbye World :(')")
end
end
@@ -65,21 +65,21 @@ def test_button_to_function_without_function
def test_link_to_function
assert_deprecated "link_to_function is deprecated and will be removed from Rails 4.1. Use Unobtrusive JavaScript instead." do
- assert_dom_equal %(<a href="#" onclick="alert(&#x27;Hello world!&#x27;); return false;">Greeting</a>),
+ assert_dom_equal %(<a href="#" onclick="alert(&#39;Hello world!&#39;); return false;">Greeting</a>),
link_to_function("Greeting", "alert('Hello world!')")
end
end
def test_link_to_function_with_existing_onclick
assert_deprecated "link_to_function is deprecated and will be removed from Rails 4.1. Use Unobtrusive JavaScript instead." do
- assert_dom_equal %(<a href="#" onclick="confirm(&#x27;Sanity!&#x27;); alert(&#x27;Hello world!&#x27;); return false;">Greeting</a>),
+ assert_dom_equal %(<a href="#" onclick="confirm(&#39;Sanity!&#39;); alert(&#39;Hello world!&#39;); return false;">Greeting</a>),
link_to_function("Greeting", "alert('Hello world!')", :onclick => "confirm('Sanity!')")
end
end
def test_function_with_href
assert_deprecated "link_to_function is deprecated and will be removed from Rails 4.1. Use Unobtrusive JavaScript instead." do
- assert_dom_equal %(<a href="http://example.com/" onclick="alert(&#x27;Hello world!&#x27;); return false;">Greeting</a>),
+ assert_dom_equal %(<a href="http://example.com/" onclick="alert(&#39;Hello world!&#39;); return false;">Greeting</a>),
link_to_function("Greeting", "alert('Hello world!')", :href => 'http://example.com/')
end
end
View
2  actionpack/test/template/text_helper_test.rb
@@ -149,7 +149,7 @@ def test_truncate_with_block_with_escape_false_should_be_html_safe
end
def test_truncate_with_block_should_escape_the_block
- assert_equal "Here is a long test and ...&lt;script&gt;alert(&#x27;foo&#x27;);&lt;/script&gt;",
+ assert_equal "Here is a long test and ...&lt;script&gt;alert(&#39;foo&#39;);&lt;/script&gt;",
truncate("Here is a long test and I need a continue to read link", :length => 27) { "<script>alert('foo');</script>" }
end
View
2  actionpack/test/template/url_helper_test.rb
@@ -244,7 +244,7 @@ def test_link_with_nil_html_options
def test_link_tag_with_custom_onclick
link = link_to("Hello", "http://www.example.com", :onclick => "alert('yay!')")
- expected = %{<a href="http://www.example.com" onclick="alert(&#x27;yay!&#x27;)">Hello</a>}
+ expected = %{<a href="http://www.example.com" onclick="alert(&#39;yay!&#39;)">Hello</a>}
assert_dom_equal expected, link
end
View
2  activesupport/CHANGELOG.md
@@ -1,5 +1,7 @@
## Rails 4.0.0 (unreleased) ##
+* `ERB::Util.html_escape` encodes single quote as `#39`. Decimal form has better support in old browsers. *Kalys Osmonov*
+
* `ActiveSupport::Callbacks`: deprecate monkey patch of object callbacks.
Using the #filter method like this:
View
2  activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -3,7 +3,7 @@
class ERB
module Util
- HTML_ESCAPE = { '&' => '&amp;', '>' => '&gt;', '<' => '&lt;', '"' => '&quot;', "'" => '&#x27;' }
+ HTML_ESCAPE = { '&' => '&amp;', '>' => '&gt;', '<' => '&lt;', '"' => '&quot;', "'" => '&#39;' }
JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' }
HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+));)/
JSON_ESCAPE_REGEXP = /[&"><]/
View
2  activesupport/test/core_ext/string_ext_test.rb
@@ -500,7 +500,7 @@ def to_s
test "ERB::Util.html_escape should escape unsafe characters" do
string = '<>&"\''
- expected = '&lt;&gt;&amp;&quot;&#x27;'
+ expected = '&lt;&gt;&amp;&quot;&#39;'
assert_equal expected, ERB::Util.html_escape(string)
end
View
4 railties/test/application/assets_test.rb
@@ -241,7 +241,7 @@ def show_detailed_exceptions?() true end
get '/posts'
assert_match(/AssetNotPrecompiledError/, last_response.body)
- assert_match(/app.js isn&#x27;t precompiled/, last_response.body)
+ assert_match(/app.js isn&#39;t precompiled/, last_response.body)
end
test "assets raise AssetNotPrecompiledError when manifest file is present and requested file isn't precompiled if digest is disabled" do
@@ -265,7 +265,7 @@ class ::PostsController < ActionController::Base ; end
get '/posts'
assert_match(/AssetNotPrecompiledError/, last_response.body)
- assert_match(/app.js isn&#x27;t precompiled/, last_response.body)
+ assert_match(/app.js isn&#39;t precompiled/, last_response.body)
end
test "precompile properly refers files referenced with asset_path and and run in the provided RAILS_ENV" do
Please sign in to comment.
Something went wrong with that request. Please try again.