Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

FAQ#escape_html is acutally URI escape #66

Closed
eregon opened this Issue · 5 comments

3 participants

@eregon

Hello,

The tip mentioned at http://www.sinatrarb.com/faq.html#escape_html is not right.
Rack::Utils#escape is doing URI escaping as http://rack.rubyforge.org/doc/classes/Rack/Utils.html#M000082 says.

One could use CGI.escapeHTML instead:

> require 'cgi'
=> true 
> CGI.escapeHTML('<b>nice try</b>')
=> "&lt;b&gt;nice try&lt;/b&gt;" 
@bigwheel

I also find a same problem and has send a pull request in #73.

@eregon

@bigwheel Thanks! I will close this then, your solution seems the best.

@eregon eregon closed this
@tedsparc

Hello @eregon,

Thanks for your work on this. I noticed this issue is still visible at http://www.sinatrarb.com/faq.html#escape_html and it tripped me up today. Is there maybe a refresh that can be done for the public web site?

@eregon

@tedsparc It seems fixed at me, thanks to #73 which was pulled. Rack::Utils#escape_html seems fine to escape HTML (Rack::Utils#escape is doing URI escaping though). Do you still observe alias_method :h, :escape on that page?

@tedsparc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.