Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/lib/action_view/template_handlers/erb.rb2
-rw-r--r--actionpack/test/template/erb_util_test.rb56
2 files changed, 57 insertions, 1 deletions
diff --git a/actionpack/lib/action_view/template_handlers/erb.rb b/actionpack/lib/action_view/template_handlers/erb.rb
index f1b800cb53..022fc362e7 100644
--- a/actionpack/lib/action_view/template_handlers/erb.rb
+++ b/actionpack/lib/action_view/template_handlers/erb.rb
@@ -5,7 +5,7 @@ class ERB
HTML_ESCAPE = { '&' => '&amp;', '"' => '&quot;', '>' => '&gt;', '<' => '&lt;' }
def html_escape(s)
- s.to_s.gsub(/[&\"><]/) { |special| HTML_ESCAPE[special] }
+ s.to_s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }
end
end
end
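Review bot: `html_escape` still passes the single quote through unescaped, because `HTML_ESCAPE` and the character class on the changed line cover only `&`, `"`, `>` and `<`. Escaped output is therefore safe in element content and in double-quoted attribute values, but not inside an attribute delimited with `'`. Since the line is being touched anyway, consider adding `"'" => '&#39;'` to `HTML_ESCAPE` and widening the class to `/[&"'><]/`. The hash and the regex list the same characters separately, so a comment above the method such as `# Keep this character class in sync with the keys of HTML_ESCAPE.` would guard against the two drifting apart. The enclosing `class ERB` begins outside the hunk.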
diff --git a/actionpack/test/template/erb_util_test.rb b/actionpack/test/template/erb_util_test.rb
new file mode 100644
index 0000000000..3aff987b22
--- /dev/null
+++ b/actionpack/test/template/erb_util_test.rb
@@ -0,0 +1,56 @@
+require "#{File.dirname(__FILE__)}/../abstract_unit"
+
+class ErbUtilTest < Test::Unit::TestCase
+ include ERB::Util
+
+ def test_amp
+ assert_equal '&amp;', html_escape('&')
+ end
+
+ def test_quot
+ assert_equal '&quot;', html_escape('"')
+ end
+
+ def test_lt
+ assert_equal '&lt;', html_escape('<')
+ end
+
+ def test_gt
+ assert_equal '&gt;', html_escape('>')
+ end
+
+ def test_rest_in_ascii
+ (0..127).to_a.map(&:chr).each do |chr|
+ next if %w(& " < >).include?(chr)
+ assert_equal chr, html_escape(chr)
+ end
+ end
+end
+require "#{File.dirname(__FILE__)}/../abstract_unit"
+
+class ErbUtilTest < Test::Unit::TestCase
+ include ERB::Util
+
+ def test_amp
+ assert_equal '&amp;', html_escape('&')
+ end
+
+ def test_quot
+ assert_equal '&quot;', html_escape('"')
+ end
+
+ def test_lt
+ assert_equal '&lt;', html_escape('<')
+ end
+
+ def test_gt
+ assert_equal '&gt;', html_escape('>')
+ end
+
+ def test_rest_in_ascii
+ (0..127).to_a.map(&:chr).each do |chr|
+ next if %w(& " < >).include?(chr)
+ assert_equal chr, html_escape(chr)
+ end
+ end
+end \ No newline at end of file
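Review bot: The new file defines `ErbUtilTest` twice. The second `require` / `class ErbUtilTest` block that follows the first `end` repeats the first one line for line, so Ruby reopens the class and redefines every test method; the duplicate half should be deleted, and the file given a trailing newline. Separately, `test_rest_in_ascii` asserts that every ASCII character other than `& " < >` comes back unchanged, which pins the apostrophe as pass-through. A comment there such as `# NOTE: ' is not escaped, so html_escape output is not safe inside single-quoted attributes` would make that limit explicit to anyone reading the test as the contract.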