From 5d5e34fa52183566968cb22f7c49544a7361a130 Mon Sep 17 00:00:00 2001
From: Michael Koziarski <michael@koziarski.com>
Date: Thu, 15 Oct 2009 09:58:17 +1300
Subject: Use ERB::Util.h over CGI.escapeHTML as the former is safety aware and
 the latter isn't

---
 actionpack/lib/action_view/safe_buffer.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack/lib/action_view')

diff --git a/actionpack/lib/action_view/safe_buffer.rb b/actionpack/lib/action_view/safe_buffer.rb
index 8ba9cd80d6..09f44ab26f 100644
--- a/actionpack/lib/action_view/safe_buffer.rb
+++ b/actionpack/lib/action_view/safe_buffer.rb
@@ -5,7 +5,7 @@ module ActionView #:nodoc:
       if value.html_safe?
         super(value)
       else
-        super(CGI.escapeHTML(value))
+        super(ERB::Util.h(value))
       end
     end
 
-- 
cgit v1.2.3