diff options
| author | José Valim <jose.valim@gmail.com> | 2011-05-07 03:41:26 -0700 |
|---|---|---|
| committer | José Valim <jose.valim@gmail.com> | 2011-05-07 03:41:26 -0700 |
| commit | aaf01cd53718c8aa5b69ac056b997e6dd9893777 (patch) | |
| tree | 8541f3d2d89d0646d02311ce16cc063143107d7f /activesupport/lib/active_support | |
| parent | 9cc18c52faeebaad6a76bd62cdca1c6b9f96afed (diff) | |
| parent | 474e313d02f0c8f9d821efe720bd5242e700233f (diff) | |
| download | rails-aaf01cd53718c8aa5b69ac056b997e6dd9893777.tar.gz rails-aaf01cd53718c8aa5b69ac056b997e6dd9893777.tar.bz2 rails-aaf01cd53718c8aa5b69ac056b997e6dd9893777.zip | |
Merge pull request #275 from pk-amooma/master
properly escape "'" to "'" for XML
Diffstat (limited to 'activesupport/lib/active_support')
| -rw-r--r-- | activesupport/lib/active_support/core_ext/string/output_safety.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb index c27cbc37c5..6f410819ba 100644 --- a/activesupport/lib/active_support/core_ext/string/output_safety.rb +++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb @@ -3,7 +3,7 @@ require 'active_support/core_ext/kernel/singleton_class' class ERB module Util - HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"' } + XML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"', "'" => ''' } JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' } # A utility method for escaping HTML tag characters. @@ -20,7 +20,7 @@ class ERB if s.html_safe? s else - s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }.html_safe + s.gsub(/[&"'><]/) { |special| XML_ESCAPE[special] }.html_safe end end |