diff options
| author | Santiago Pastorino <santiago@wyeworks.com> | 2012-07-31 22:25:54 -0300 |
|---|---|---|
| committer | Santiago Pastorino <santiago@wyeworks.com> | 2012-08-02 17:14:30 -0300 |
| commit | 28f2c6f4037081da0a82104a3f473165ed4ed2ce (patch) | |
| tree | a511eac32c29cf7f9612b6691ac15ac558c5bd77 /activesupport/test/core_ext/string_ext_test.rb | |
| parent | 9c1b1bd42ce00d43b7894daaf096eff9ee55aef1 (diff) | |
| download | rails-28f2c6f4037081da0a82104a3f473165ed4ed2ce.tar.gz rails-28f2c6f4037081da0a82104a3f473165ed4ed2ce.tar.bz2 rails-28f2c6f4037081da0a82104a3f473165ed4ed2ce.zip | |
html_escape should escape single quotes
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
Conflicts:
actionpack/test/template/erb_util_test.rb
actionpack/test/template/form_tag_helper_test.rb
actionpack/test/template/text_helper_test.rb
actionpack/test/template/url_helper_test.rb
activesupport/lib/active_support/core_ext/string/output_safety.rb
Diffstat (limited to 'activesupport/test/core_ext/string_ext_test.rb')
| -rw-r--r-- | activesupport/test/core_ext/string_ext_test.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/activesupport/test/core_ext/string_ext_test.rb b/activesupport/test/core_ext/string_ext_test.rb index 47b9f68ed0..a8eca53ea7 100644 --- a/activesupport/test/core_ext/string_ext_test.rb +++ b/activesupport/test/core_ext/string_ext_test.rb @@ -493,8 +493,8 @@ class OutputSafetyTest < ActiveSupport::TestCase end test "ERB::Util.html_escape should escape unsafe characters" do - string = '<>&"' - expected = '<>&"' + string = '<>&"\'' + expected = '<>&"'' assert_equal expected, ERB::Util.html_escape(string) end |