use the decimal HTML escape code for single quotes instead of the hex on... #9144

Closed

@morgancurrie morgancurrie use the decimal HTML escape code for single quotes instead of the hex…
… one so webkit-based browsers properly translate the code in form fields
5ceb790
@morgancurrie

Single quotes have been added to the HTML_ESCAPE hash in output_safety.rb, but they are currently being replaced with their hex code equivalent (`&#x27;`), which Chrome/Safari will display as-is in the form field. If they are replaced with the decimal equiv (`&#39;`) instead, the browser will properly display a single quote in their place, as is already done with other escaped characters (`&gt;`, `&amp;`, etc.).

@rafaelfranca
Owner

@morgancurrie could you update the tests? I'll merge

@carlosantoniodasilva

Good, this change is already in master. :+1:

@rafaelfranca
Owner

Already applied. Thanks

@johndouthat

For clarification, this wasn't a webkit issue. The issue was that escape_once was double-escaping the hex-encoded entity. i.e. It was
<input type="text" value="Schrodinger&amp;#x27;s Cat" />
when it should have been
<input type="text" value="Schrodinger&#x27;s Cat" />

Related #9088 #9101 #9102
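
The double-escaping johndouthat describes can be reproduced with a small model of an escape-then-`escape_once` pipeline. This is an added example, not code from the pull request or from Rails; `EscapeDemo`, its tables and both regexps are assumptions made for illustration.

```ruby
# Added illustration. EscapeDemo, its tables and regexps are hypothetical,
# not Rails source.
module EscapeDemo
  HEX_TABLE = { '&' => '&amp;', '>' => '&gt;', '<' => '&lt;',
                '"' => '&quot;', "'" => '&#x27;' }.freeze
  DEC_TABLE = HEX_TABLE.merge("'" => '&#39;').freeze

  # Assumed "escape once" pattern: a bare & is escaped unless it already
  # starts a named (&amp;) or decimal (&#39;) entity. Hex entities such as
  # &#x27; are NOT recognised, so their & gets escaped a second time.
  NARROW = /["><']|&(?!(?:[a-zA-Z]+|#\d+);)/

  # The same pattern widened to accept hex entities as already escaped.
  WIDE = /["><']|&(?!(?:[a-zA-Z]+|#\d+|#[xX][0-9a-fA-F]+);)/

  # Unconditional escape: every special character is replaced.
  def self.escape(str, table)
    str.gsub(/[&><"']/) { |ch| table[ch] }
  end

  # Escape only what does not already look like an entity.
  def self.escape_once(str, table, pattern)
    str.gsub(pattern) { |m| table[m] }
  end

  # Models a form helper that escapes a value and later runs escape_once
  # over the already-escaped string.
  def self.field_value(raw, table, pattern)
    escape_once(escape(raw, table), table, pattern)
  end
end

if __FILE__ == $PROGRAM_NAME
  raw = "Schrodinger's Cat" # constructed sample input
  puts EscapeDemo.field_value(raw, EscapeDemo::HEX_TABLE, EscapeDemo::NARROW)
  puts EscapeDemo.field_value(raw, EscapeDemo::DEC_TABLE, EscapeDemo::NARROW)
  puts EscapeDemo.field_value(raw, EscapeDemo::HEX_TABLE, EscapeDemo::WIDE)
end
```

Switching the table to the decimal entity and widening the recognition pattern both remove the double escape; only the second one also protects hex entities that arrive in input from elsewhere.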

Commits on Feb 1, 2013
  1. @morgancurrie

    use the decimal HTML escape code for single quotes instead of the hex…

    morgancurrie authored
    … one so webkit-based browsers properly translate the code in form fields
2  activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -2,7 +2,7 @@
class ERB
module Util
- HTML_ESCAPE = { '&' => '&amp;', '>' => '&gt;', '<' => '&lt;', '"' => '&quot;', "'" => '&#x27;' }
+ HTML_ESCAPE = { '&' => '&amp;', '>' => '&gt;', '<' => '&lt;', '"' => '&quot;', "'" => '&#39;' }
JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' }
# A utility method for escaping HTML tag characters.
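Review bot: the changed `"'" => '&#39;'` entry in `HTML_ESCAPE` arrives with no test in this diff, which touches only `output_safety.rb`, so nothing pins the new output for a single quote. Please add an assertion on the escaped form of `'`, and, given the report in this thread that `escape_once` was double-escaping the hex entity, one that passes already-escaped `&#x27;` and `&#39;` through `escape_once` unchanged. A short comment above the constant saying why the decimal form is used would also keep the two entity spellings from being swapped back later.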