aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_view/helpers/tag_helper.rb
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/lib/action_view/helpers/tag_helper.rb')
-rw-r--r--actionpack/lib/action_view/helpers/tag_helper.rb7
1 files changed, 6 insertions, 1 deletions
diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb
index 6c71b8b767..6001b21e63 100644
--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -34,7 +34,7 @@ module ActionView
private
def tag_options(options)
cleaned_options = convert_booleans(options.stringify_keys.reject {|key, value| value.nil?})
- ' ' + cleaned_options.map {|key, value| %(#{key}="#{html_escape(value.to_s)}")}.sort * ' ' unless cleaned_options.empty?
+ ' ' + cleaned_options.map {|key, value| %(#{key}="#{fix_double_escape(html_escape(value.to_s))}")}.sort * ' ' unless cleaned_options.empty?
end
def convert_booleans(options)
@@ -45,6 +45,11 @@ module ActionView
def boolean_attribute(options, attribute)
options[attribute] ? options[attribute] = attribute : options.delete(attribute)
end
+
+ # Fix double-escaped entities, such as &, {, etc.
+ def fix_double_escape(escaped)
+ escaped.gsub(/&([a-z]+|(#\d+));/i) { "&#{$1};" }
+ end
end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-27 06:01:54 +0000