author | Michael Koziarski <michael@koziarski.com> | 2009-10-15 09:58:17 +1300 |
---|---|---|
committer | Michael Koziarski <michael@koziarski.com> | 2009-10-15 09:58:17 +1300 |
commit | 5d5e34fa52183566968cb22f7c49544a7361a130 (patch) | |
tree | b72331ecdb883cb1e82f4674e7ae563bfad31d61 /actionpack | |
parent | 1b3195b63ca44f0a70b61b75fcf4991cb2fbb944 (diff) | |
Use ERB::Util.h over CGI.escapeHTML as the former is safety aware and the latter isn't
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_controller/metal/redirector.rb | 2 | ||||
-rw-r--r-- | actionpack/lib/action_view/safe_buffer.rb | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/metal/redirector.rb b/actionpack/lib/action_controller/metal/redirector.rb
index f79fd54acd..b55f5e7bfc 100644
--- a/actionpack/lib/action_controller/metal/redirector.rb
+++ b/actionpack/lib/action_controller/metal/redirector.rb
@@ -16,7 +16,7 @@ module ActionController
 logger.info("Redirected to #{url}") if logger && logger.info?
 self.status = status
 self.location = url.gsub(/[\r\n]/, '')
- self.response_body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(url)}\">redirected</a>.</body></html>"
+ self.response_body = "<html><body>You are being <a href=\"#{ERB::Util.h(url)}\">redirected</a>.</body></html>"
 end
 end
 end
diff --git a/actionpack/lib/action_view/safe_buffer.rb b/actionpack/lib/action_view/safe_buffer.rb
index 8ba9cd80d6..09f44ab26f 100644
--- a/actionpack/lib/action_view/safe_buffer.rb
+++ b/actionpack/lib/action_view/safe_buffer.rb
@@ -5,7 +5,7 @@ module ActionView #:nodoc:
 if value.html_safe?
 super(value)
 else
- super(CGI.escapeHTML(value))
+ super(ERB::Util.h(value))
 end
 end
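Review bot: The switch to `ERB::Util.h(url)` in the response body makes escaping of the `href` conditional: per the commit title, `h` is "safety aware", meaning it leaves a string already flagged html_safe untouched, whereas `CGI.escapeHTML` escaped unconditionally. A redirect target is an attribute value in a server-generated body rather than template output, so a caller handing in an html_safe-flagged string (deliberately, or because it was built from one) would now land in the `href` unescaped; keeping `CGI.escapeHTML(url)` at this one spot, or stripping the flag before escaping, preserves unconditional escaping. Also confirm that `erb` is required in this file or loaded before it, since the old code only depended on `CGI`. The enclosing method's `def` line is above the hunk.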
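Review bot: With `ERB::Util.h` now performing its own html_safe? check, the surrounding `if value.html_safe?` / `super(value)` / `else` around the new `super(ERB::Util.h(value))` is redundant, and the body could reduce to a single `super(ERB::Util.h(value))` — but only if `h` returns a flagged string unchanged, so verify that first, since the stdlib `ERB::Util.h` escapes everything. The method's `def` line sits above the hunk, so its name and whether `value` is guaranteed to respond to `html_safe?` are not visible here; a non-String argument would fail on `html_safe?` before the escape call either way, which this change does not alter. The same `require 'erb'` caveat as for the redirector hunk applies.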