author | xibbar <xibbar@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-07-17 23:04:46 +0000 |
---|---|---|
committer | xibbar <xibbar@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-07-17 23:04:46 +0000 |
commit | c47cca2f858f2665a6424e417745a9fd7e78003c (patch) | |
tree | a98e14e74e805734e48a0645e7855f49766b59f0 /lib/cgi | |
parent | ba2ed2edebb1d86bc23e84a1f5168cf3fba94f84 (diff) | |
Wed Jul 18 07:59:29 2012 Takeyuki FUJIOKA <xibbar@ruby-lang.org>
* lib/cgi/util.rb (CGI.escapeHTML,unescapeHTML): Add ' for HTML5 escaping.
[Feature #6620]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36422 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/cgi')
-rw-r--r-- | lib/cgi/util.rb | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb
index b877c1bae7..9cfff99b78 100644
--- a/lib/cgi/util.rb
+++ b/lib/cgi/util.rb
@@ -22,6 +22,7 @@ class CGI
 # The set of special characters and their escaped values
 TABLE_FOR_ESCAPE_HTML__ = {
+ "'" => ''',
 '&' => '&',
 '"' => '"',
 '<' => '<',
@@ -32,7 +33,7 @@ class CGI
 # CGI::escapeHTML('Usage: foo "bar" <baz>')
 # # => "Usage: foo "bar" <baz>"
 def CGI::escapeHTML(string)
- string.gsub(/[&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
+ string.gsub(/['&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
 end
 # Unescape a string that has been HTML-escaped
@@ -41,8 +42,9 @@ class CGI
 def CGI::unescapeHTML(string)
 enc = string.encoding
 if [Encoding::UTF_16BE, Encoding::UTF_16LE, Encoding::UTF_32BE, Encoding::UTF_32LE].include?(enc)
- return string.gsub(Regexp.new('&(amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do
+ return string.gsub(Regexp.new('&(apos|amp|quot|gt|lt|#[0-9]+|#x[0-9A-Fa-f]+);'.encode(enc))) do
 case $1.encode("US-ASCII")
+ when 'apos' then "'".encode(enc)
 when 'amp' then '&'.encode(enc)
 when 'quot' then '"'.encode(enc)
 when 'gt' then '>'.encode(enc)
@@ -53,9 +55,10 @@ class CGI
 end
 end
 asciicompat = Encoding.compatible?(string, "a")
- string.gsub(/&(amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/) do
+ string.gsub(/&(apos|amp|quot|gt|lt|\#[0-9]+|\#x[0-9A-Fa-f]+);/) do
 match = $1.dup
 case match
+ when 'apos' then "'"
 when 'amp' then '&'
 when 'quot' then '"'
 when 'gt' then '>' |
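Review bot: The usage example in the comment above `CGI::escapeHTML` (second hunk) contains no `'`, so nothing visible here documents that single quotes are now rewritten, which changes the output for every existing caller. I would extend the example with an apostrophe and add a line such as `# Escapes & " ' < > for HTML text and quoted attribute values; not sufficient for unquoted attributes, script or URL contexts.` The comment block starts above the hunk, so if its first line enumerates the escaped characters it needs `'` added as well. Unlike `unescapeHTML` in the next hunk, this method has no UTF-16/UTF-32 branch, so the ASCII-only regex presumably raises on such strings; worth confirming that is intended.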
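Review bot: The `apos` alternative had to be added in four places in `unescapeHTML`: the regex and the `case` in this UTF-16/UTF-32 branch (third hunk), and again in the ASCII-compatible branch (fourth hunk). Nothing ties those sites to each other or to `TABLE_FOR_ESCAPE_HTML__`. An entity later added to only one branch would make unescaping depend on the string's encoding, which is easy to miss in review of output-encoding code. Consider one name-to-character table with both regexes built from its keys, or at least a comment at each site such as `# keep the entity list in sync with the other encoding branch`. The body of `unescapeHTML` continues past both hunks, so the numeric-reference arms of each `case` are not visible here.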