SafeBuffer doesn't handle % #6352

Closed
@jaroslawr

This ERB code:

<%= "<b>Foobar</b>".html_safe + "<b>foo</b>" %>

Becomes this HTML:

<b>Foobar</b>&lt;b&gt;foo&lt;/b&gt;

But this ERB code:

<%= "<b>Foobar</b> %s".html_safe % "<b>foo</b>" %>

Becomes this HTML:

&lt;b&gt;Foobar&lt;/b&gt; &lt;b&gt;foo&lt;/b&gt;

In the second case, I would expect only <b>foo</b> to be escaped, but instead both strings are escaped.

Is there any deep reason for this or is it just an omission?
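A self-contained model of the behaviour reported above, added here as an example; it is not code from Rails or from the issue author. `ToySafeString`, `ToySafeStringWithFormat` and `render` are hypothetical names, and `ERB::Util.html_escape` from the standard library stands in for the template engine's escaping.

```ruby
require "erb"

# Hypothetical stand-in for a "safe" string type; not ActiveSupport::SafeBuffer.
class ToySafeString < String
  def html_safe?
    true
  end

  # Escape a value unless it carries the safe marker.
  def self.escape(value)
    if value.respond_to?(:html_safe?) && value.html_safe?
      value.to_s
    else
      ERB::Util.html_escape(value.to_s)
    end
  end

  # Concatenation escapes the right-hand side and keeps the marker.
  def +(other)
    self.class.new(super(ToySafeString.escape(other)))
  end

  # No % override here: Ruby's String#% builds its result as a plain String,
  # so the safe marker is lost and the whole result is escaped on output.
end

# Variant with a format operator that escapes each argument and
# re-wraps the result so the marker survives.
class ToySafeStringWithFormat < ToySafeString
  def %(args)
    escaped =
      if args.is_a?(Hash)
        args.transform_values { |v| ToySafeString.escape(v) }
      else
        Array(args).map { |v| ToySafeString.escape(v) }
      end
    self.class.new(super(escaped))
  end
end

# What a template does at <%= %>: escape anything not marked safe.
def render(value)
  ToySafeString.escape(value)
end

# Strings below are the ones from the report.
puts render(ToySafeString.new("<b>Foobar</b>") + "<b>foo</b>")
puts render(ToySafeString.new("<b>Foobar</b> %s") % "<b>foo</b>")
puts render(ToySafeStringWithFormat.new("<b>Foobar</b> %s") % "<b>foo</b>")
```

The first two lines printed match the two outputs in the report; the third shows only the interpolated argument escaped.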
