From 2bdb4ec6ad9bb99ac0029fcb030ac757307d08ae Mon Sep 17 00:00:00 2001 From: Santiago Pastorino Date: Tue, 31 Jul 2012 22:25:54 -0300 Subject: html_escape should escape single quotes https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content Closes #7215 Conflicts: actionpack/test/template/erb_util_test.rb actionpack/test/template/form_tag_helper_test.rb actionpack/test/template/text_helper_test.rb actionpack/test/template/url_helper_test.rb activesupport/lib/active_support/core_ext/string/output_safety.rb
---
 actionpack/test/controller/new_base/render_template_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/test/controller/new_base')
diff --git a/actionpack/test/controller/new_base/render_template_test.rb b/actionpack/test/controller/new_base/render_template_test.rb
index ade204c387..29c8885d9f 100644
--- a/actionpack/test/controller/new_base/render_template_test.rb
+++ b/actionpack/test/controller/new_base/render_template_test.rb
@@ -126,7 +126,7 @@ module RenderTemplate
 test "rendering a template with error properly excerts the code" do
 get :with_error
 assert_status 500
- assert_match "undefined local variable or method `idontexist'", response.body
+ assert_match "undefined local variable or method `idontexist", response.body
 end
 end
-- cgit v1.2.3
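Review bot: The relaxed expectation on the changed `assert_match` line stops at `idontexist` and no longer says anything about the closing quote, so the test passes whether the 500 page emits that quote raw or escaped. Given the commit subject, the quote is presumably dropped because the body now carries it as an entity, but the exact entity is not visible in this patch. I would keep the test guarding the escaping of exception text by adding a negative check next to it, `assert_no_match(/idontexist'/, response.body)`, and, once the emitted entity is confirmed, asserting that escaped form in the positive match. The `test` block is fully inside the hunk.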