diff options
| author | Santiago Pastorino <santiago@wyeworks.com> | 2012-07-31 22:25:54 -0300 |
|---|---|---|
| committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2012-08-02 17:09:37 -0300 |
| commit | 2bdb4ec6ad9bb99ac0029fcb030ac757307d08ae (patch) | |
| tree | 70e5d9cf8bf64b73d60b4798828f8aa59a488236 /activesupport/test/core_ext/string_ext_test.rb | |
| parent | 96e92b616264c26a5c1c2a50f0495c119a869772 (diff) | |
| download | rails-2bdb4ec6ad9bb99ac0029fcb030ac757307d08ae.tar.gz rails-2bdb4ec6ad9bb99ac0029fcb030ac757307d08ae.tar.bz2 rails-2bdb4ec6ad9bb99ac0029fcb030ac757307d08ae.zip | |
html_escape should escape single quotes
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
Closes #7215
Conflicts:
actionpack/test/template/erb_util_test.rb
actionpack/test/template/form_tag_helper_test.rb
actionpack/test/template/text_helper_test.rb
actionpack/test/template/url_helper_test.rb
activesupport/lib/active_support/core_ext/string/output_safety.rb
Diffstat (limited to 'activesupport/test/core_ext/string_ext_test.rb')
| -rw-r--r-- | activesupport/test/core_ext/string_ext_test.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/activesupport/test/core_ext/string_ext_test.rb b/activesupport/test/core_ext/string_ext_test.rb index 47b9f68ed0..a8eca53ea7 100644 --- a/activesupport/test/core_ext/string_ext_test.rb +++ b/activesupport/test/core_ext/string_ext_test.rb @@ -493,8 +493,8 @@ class OutputSafetyTest < ActiveSupport::TestCase end test "ERB::Util.html_escape should escape unsafe characters" do - string = '<>&"' - expected = '<>&"' + string = '<>&"\'' + expected = '<>&"'' assert_equal expected, ERB::Util.html_escape(string) end |