Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

FAQ#escape_html is acutally URI escape #66

eregon opened this Issue May 14, 2012 · 5 comments


None yet
3 participants

eregon commented May 14, 2012


The tip mentioned at http://www.sinatrarb.com/faq.html#escape_html is not right.
Rack::Utils#escape is doing URI escaping as http://rack.rubyforge.org/doc/classes/Rack/Utils.html#M000082 says.

One could use CGI.escapeHTML instead:

> require 'cgi'
=> true 
> CGI.escapeHTML('<b>nice try</b>')
=> "&lt;b&gt;nice try&lt;/b&gt;" 

bigwheel commented Jul 14, 2012

I also find a same problem and has send a pull request in #73.

eregon commented Jul 15, 2012

@bigwheel Thanks! I will close this then, your solution seems the best.

@eregon eregon closed this Jul 15, 2012

tedsparc commented Aug 2, 2012

Hello @eregon,

Thanks for your work on this. I noticed this issue is still visible at http://www.sinatrarb.com/faq.html#escape_html and it tripped me up today. Is there maybe a refresh that can be done for the public web site?

eregon commented Aug 2, 2012

@tedsparc It seems fixed at me, thanks to #73 which was pulled. Rack::Utils#escape_html seems fine to escape HTML (Rack::Utils#escape is doing URI escaping though). Do you still observe alias_method :h, :escape on that page?

tedsparc commented Aug 2, 2012

Hi Benoit,

Thanks for getting back to me. I reloaded the page and it now correctly shows escape_html. Thanks for the help here!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment