From e711d8fade2a47e4a709fa3eb4b8dd7af6f6ac08 Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Mon, 24 Sep 2007 05:43:59 +0000
Subject: escape_once uses negative lookahead to avoid double-escaping instead
 of a second gsub

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7606 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/lib/action_view/helpers/tag_helper.rb | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

(limited to 'actionpack/lib/action_view/helpers/tag_helper.rb')

diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb
index f222e43adc..963f494760 100644
--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -94,7 +94,7 @@ module ActionView
       #   escape_once("&lt;&lt; Accept & Checkout")
       #   # => "&lt;&lt; Accept &amp; Checkout"
       def escape_once(html)
-        fix_double_escape(html_escape(html.to_s))
+        html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
       end
 
       private
@@ -116,11 +116,6 @@ module ActionView
           end
         end
 
-        # Fix double-escaped entities, such as &amp;amp;, &amp;#123;, etc.
-        def fix_double_escape(escaped)
-          escaped.gsub(/&amp;([a-z]+|(#\d+));/i) { "&#{$1};" }
-        end
-
         def block_is_within_action_view?(block)
           eval("defined? _erbout", block.binding)
         end
-- 
cgit v1.2.3