diff options
author | Sean Griffin <sean@seantheprogrammer.com> | 2015-10-20 16:50:01 -0600 |
---|---|---|
committer | Sean Griffin <sean@seantheprogrammer.com> | 2015-10-20 16:50:01 -0600 |
commit | d94ae72a5259c31ea510e6341bbbf4e920312ebe (patch) | |
tree | a9bef1bd954692396f1af545d87dac207362d82c /activesupport/lib/active_support/core_ext | |
parent | cd46bfc54fb34f0b4ed89e00d2efbe8a0273ab0b (diff) | |
parent | 05a2a6a0c5ac2384e52df9b8c2aa81352a51d7c7 (diff) | |
download | rails-d94ae72a5259c31ea510e6341bbbf4e920312ebe.tar.gz rails-d94ae72a5259c31ea510e6341bbbf4e920312ebe.tar.bz2 rails-d94ae72a5259c31ea510e6341bbbf4e920312ebe.zip |
Merge pull request #19992 from greysteil/handle-invalid-utf8-in-html-escape
Handle invalid UTF-8 strings when HTML escaping
Diffstat (limited to 'activesupport/lib/active_support/core_ext')
-rw-r--r-- | activesupport/lib/active_support/core_ext/string/output_safety.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb index 8b27ec4413..510fa48189 100644 --- a/activesupport/lib/active_support/core_ext/string/output_safety.rb +++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb @@ -37,7 +37,7 @@ class ERB if s.html_safe? s else - s.gsub(HTML_ESCAPE_REGEXP, HTML_ESCAPE) + ActiveSupport::Multibyte::Unicode.tidy_bytes(s).gsub(HTML_ESCAPE_REGEXP, HTML_ESCAPE) end end module_function :unwrapped_html_escape @@ -50,7 +50,7 @@ class ERB # html_escape_once('<< Accept & Checkout') # # => "<< Accept & Checkout" def html_escape_once(s) - result = s.to_s.gsub(HTML_ESCAPE_ONCE_REGEXP, HTML_ESCAPE) + result = ActiveSupport::Multibyte::Unicode.tidy_bytes(s.to_s).gsub(HTML_ESCAPE_ONCE_REGEXP, HTML_ESCAPE) s.html_safe? ? result.html_safe : result end |