From 92f02adf407d6884ffea789b39f78f44b7fd3722 Mon Sep 17 00:00:00 2001
From: Michael Koziarski <michael@koziarski.com>
Date: Sun, 2 Dec 2007 08:45:35 +0000
Subject: Don't escape forward slashes with String#to_json, our unicode
 encoding of < and > prevent the XSS problems. [tpope] Closes #10273

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8255 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 activesupport/lib/active_support/json/encoders/string.rb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'activesupport/lib')

diff --git a/activesupport/lib/active_support/json/encoders/string.rb b/activesupport/lib/active_support/json/encoders/string.rb
index ca74436802..28f1190662 100644
--- a/activesupport/lib/active_support/json/encoders/string.rb
+++ b/activesupport/lib/active_support/json/encoders/string.rb
@@ -11,8 +11,7 @@ module ActiveSupport
         '\\'   =>  '\\\\',
         '>'    =>  '\u003E',
         '<'    =>  '\u003C',
-        '&'    =>  '\u0026',
-        '/'    =>  '\\/'
+        '&'    =>  '\u0026'
       }
     end
   end
@@ -20,7 +19,7 @@ end
 
 class String
   def to_json(options = nil) #:nodoc:
-    '"' + gsub(/[\010\f\n\r\t"\\><&\/]/) { |s|
+    '"' + gsub(/[\010\f\n\r\t"\\><&]/) { |s|
       ActiveSupport::JSON::Encoding::ESCAPED_CHARS[s]
     }.gsub(/([\xC0-\xDF][\x80-\xBF]|
              [\xE0-\xEF][\x80-\xBF]{2}|
-- 
cgit v1.2.3