diff options
| -rw-r--r-- | activesupport/lib/active_support/core_ext/string/output_safety.rb | 4 | ||||
| -rw-r--r-- | activesupport/test/core_ext/string_ext_test.rb | 12 |
2 files changed, 2 insertions, 14 deletions
diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb index 6f410819ba..c27cbc37c5 100644 --- a/activesupport/lib/active_support/core_ext/string/output_safety.rb +++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb @@ -3,7 +3,7 @@ require 'active_support/core_ext/kernel/singleton_class' class ERB module Util - XML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"', "'" => ''' } + HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"' } JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' } # A utility method for escaping HTML tag characters. @@ -20,7 +20,7 @@ class ERB if s.html_safe? s else - s.gsub(/[&"'><]/) { |special| XML_ESCAPE[special] }.html_safe + s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }.html_safe end end diff --git a/activesupport/test/core_ext/string_ext_test.rb b/activesupport/test/core_ext/string_ext_test.rb index 54ef68c59b..32675c884a 100644 --- a/activesupport/test/core_ext/string_ext_test.rb +++ b/activesupport/test/core_ext/string_ext_test.rb @@ -387,18 +387,6 @@ class OutputSafetyTest < ActiveSupport::TestCase assert !@other_combination.html_safe? end - test "Escapes special HTML/XML characters" do - @other_string = "other".html_safe - @combination = @other_string + "<foo>&\"'" - @other_combination = @string + "<foo>&\"'" - - assert_equal "other<foo>&"'", @combination - assert_equal "hello<foo>&\"'", @other_combination - - assert @combination.html_safe? - assert !@other_combination.html_safe? - end - test "Concatting safe onto unsafe yields unsafe" do @other_string = "other" |