Permalink
Browse files

escape_once uses negative lookahead to avoid double-escaping instead …

…of a second gsub

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7606 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
  • Loading branch information...
1 parent cb5b8a7 commit e711d8fade2a47e4a709fa3eb4b8dd7af6f6ac08 @jeremy jeremy committed Sep 24, 2007
Showing with 1 addition and 6 deletions.
  1. +1 −6 actionpack/lib/action_view/helpers/tag_helper.rb
@@ -94,7 +94,7 @@ def cdata_section(content)
# escape_once("<< Accept & Checkout")
# # => "<< Accept & Checkout"
def escape_once(html)
- fix_double_escape(html_escape(html.to_s))
+ html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
end
private
@@ -116,11 +116,6 @@ def tag_options(options)
end
end
- # Fix double-escaped entities, such as &amp;amp;, &amp;#123;, etc.
- def fix_double_escape(escaped)
- escaped.gsub(/&amp;([a-z]+|(#\d+));/i) { "&#{$1};" }
- end
-
def block_is_within_action_view?(block)
eval("defined? _erbout", block.binding)
end

0 comments on commit e711d8f

Please sign in to comment.