FAQ#escape_html is actually URI escape #66

Closed
eregon opened this Issue May 14, 2012 · 5 comments

@eregon
eregon commented May 14, 2012

Hello,

The tip mentioned at http://www.sinatrarb.com/faq.html#escape_html is not right.
Rack::Utils#escape is doing URI escaping as http://rack.rubyforge.org/doc/classes/Rack/Utils.html#M000082 says.

One could use CGI.escapeHTML instead:

```
> require 'cgi'
=> true
> CGI.escapeHTML('<b>nice try</b>')
=> "&lt;b&gt;nice try&lt;/b&gt;"
```

@bigwheel

I also found the same problem and have sent a pull request in #73.

@eregon
eregon commented Jul 15, 2012

@bigwheel Thanks! I will close this then, your solution seems the best.

@eregon eregon closed this Jul 15, 2012
@tedsparc
tedsparc commented Aug 2, 2012

Hello @eregon,

Thanks for your work on this. I noticed this issue is still visible at http://www.sinatrarb.com/faq.html#escape_html and it tripped me up today. Is there maybe a refresh that can be done for the public web site?

@eregon
eregon commented Aug 2, 2012

@tedsparc It seems fixed for me, thanks to #73, which was pulled. Rack::Utils#escape_html seems fine to escape HTML (Rack::Utils#escape is doing URI escaping though). Do you still observe alias_method :h, :escape on that page?
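
The distinction discussed in this thread, as an added example that is not part of the original issue or of the Sinatra FAQ: URI escaping and HTML escaping protect different output contexts and cannot stand in for each other. The helper names (`uri_escape`, `html_escape`, `search_link`, `query_roundtrip`) are hypothetical, and the standard library's `URI.encode_www_form_component` is assumed here as a stand-in for URI escaping so the block runs without the rack gem.

```ruby
require 'cgi'
require 'uri'

# URI (form) escaping: the kind of escaping the thread says Rack::Utils#escape does.
# Assumption: the stdlib call stands in for Rack here.
def uri_escape(s)
  URI.encode_www_form_component(s)
end

# HTML escaping, via CGI.escapeHTML as suggested in the issue.
def html_escape(s)
  CGI.escapeHTML(s)
end

# Hypothetical helper: a link whose user-supplied term lands in two contexts.
#   1. query-string value         -> URI-escape
#   2. href attribute + body text -> HTML-escape
def search_link(term)
  href = "/search?q=#{uri_escape(term)}&page=1"
  %(<a href="#{html_escape(href)}">#{html_escape(term)}</a>)
end

# Encode a term into a query string with the given encoder, then parse it
# back the way a server would, to see whether the value survives intact.
def query_roundtrip(encoder, term)
  URI.decode_www_form("q=#{encoder.call(term)}").assoc('q').last
end

# Constructed sample input
INPUT = %q(<b>Tom & "Jerry"</b>)

if __FILE__ == $0
  puts "URI-escaped as page text : #{uri_escape(INPUT)}"   # unreadable to the visitor
  puts "HTML-escaped as page text: #{html_escape(INPUT)}"  # renders as the literal text
  puts "Both contexts in one link: #{search_link(INPUT)}"
  # An HTML-escaped value inside a query string is cut at the '&' of '&amp;'
  puts "q via uri_escape : #{query_roundtrip(method(:uri_escape), 'a&b=c').inspect}"
  puts "q via html_escape: #{query_roundtrip(method(:html_escape), 'a&b=c').inspect}"
end
```

An `h` helper aliased to the URI encoder shows visitors percent-encoded text, and an HTML encoder used for a query value truncates it at the first `&`.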
