Skip to content
Browse files

properly escape "'" to "'" for XML/HTML (BTW Erubis does that as…

… well)
  • Loading branch information...
1 parent fb6fa1e commit 9257106b09714feb0904bc540e8995953d979622 Philipp Kempgen (Amooma) committed
Showing with 2 additions and 2 deletions.
  1. +2 −2 activesupport/lib/active_support/core_ext/string/output_safety.rb
View
4 activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -3,7 +3,7 @@
class ERB
module Util
- HTML_ESCAPE = { '&' => '&amp;', '>' => '&gt;', '<' => '&lt;', '"' => '&quot;' }
+ HTML_ESCAPE = { '&' => '&amp;', '>' => '&gt;', '<' => '&lt;', '"' => '&quot;', "'" => '&apos;' }
JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' }
# A utility method for escaping HTML tag characters.
@@ -20,7 +20,7 @@ def html_escape(s)
if s.html_safe?
s
else
- s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }.html_safe
+ s.gsub(/[&"'><]/) { |special| HTML_ESCAPE[special] }.html_safe
end
end

0 comments on commit 9257106

Please sign in to comment.
Something went wrong with that request. Please try again.