From 5d5e34fa52183566968cb22f7c49544a7361a130 Mon Sep 17 00:00:00 2001 From: Michael Koziarski Date: Thu, 15 Oct 2009 09:58:17 +1300 Subject: Use ERB::Util.h over CGI.escapeHTML as the former is safety aware and the latter isn't --- actionpack/lib/action_controller/metal/redirector.rb | 2 +- actionpack/lib/action_view/safe_buffer.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'actionpack/lib') diff --git a/actionpack/lib/action_controller/metal/redirector.rb b/actionpack/lib/action_controller/metal/redirector.rb index f79fd54acd..b55f5e7bfc 100644 --- a/actionpack/lib/action_controller/metal/redirector.rb +++ b/actionpack/lib/action_controller/metal/redirector.rb @@ -16,7 +16,7 @@ module ActionController logger.info("Redirected to #{url}") if logger && logger.info? self.status = status self.location = url.gsub(/[\r\n]/, '') - self.response_body = "You are being redirected." + self.response_body = "You are being redirected." end end end diff --git a/actionpack/lib/action_view/safe_buffer.rb b/actionpack/lib/action_view/safe_buffer.rb index 8ba9cd80d6..09f44ab26f 100644 --- a/actionpack/lib/action_view/safe_buffer.rb +++ b/actionpack/lib/action_view/safe_buffer.rb @@ -5,7 +5,7 @@ module ActionView #:nodoc: if value.html_safe? super(value) else - super(CGI.escapeHTML(value)) + super(ERB::Util.h(value)) end end -- cgit v1.2.3