From 2bdb4ec6ad9bb99ac0029fcb030ac757307d08ae Mon Sep 17 00:00:00 2001 From: Santiago Pastorino Date: Tue, 31 Jul 2012 22:25:54 -0300 Subject: html_escape should escape single quotes https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content Closes #7215 Conflicts: actionpack/test/template/erb_util_test.rb actionpack/test/template/form_tag_helper_test.rb actionpack/test/template/text_helper_test.rb actionpack/test/template/url_helper_test.rb activesupport/lib/active_support/core_ext/string/output_safety.rb --- actionpack/test/controller/render_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'actionpack/test/controller/render_test.rb') diff --git a/actionpack/test/controller/render_test.rb b/actionpack/test/controller/render_test.rb index 4ad9c64413..afaf9e5ea9 100644 --- a/actionpack/test/controller/render_test.rb +++ b/actionpack/test/controller/render_test.rb @@ -170,7 +170,7 @@ class TestController < ActionController::Base # :ported: def render_text_hello_world_with_layout - @variable_for_layout = ", I'm here!" + @variable_for_layout = ", I am here!" render :text => "hello world", :layout => true end @@ -831,7 +831,7 @@ class RenderTest < ActionController::TestCase # :ported: def test_do_with_render_text_and_layout get :render_text_hello_world_with_layout - assert_equal "hello world, I'm here!", @response.body + assert_equal "hello world, I am here!", @response.body end # :ported: -- cgit v1.2.3