author | shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-08-13 04:17:00 +0000 |
---|---|---|
committer | shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-08-13 04:17:00 +0000 |
commit | 4093598bf6eca8fce16fcb8695c4717063a5f6a0 (patch) | |
tree | 44e970d39dc70a9d995fdfe5a8b72a7eabe0bc30 /lib/erb.rb | |
parent | a63210855772fbeb62203872044e4403981c2daa (diff) | |
download | ruby-4093598bf6eca8fce16fcb8695c4717063a5f6a0.tar.gz |
* lib/erb.rb (ERB::Util.html_escape): use CGI.escape to escape
single quotes. [ruby-core:47138] [Bug #6861]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36687 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/erb.rb')
-rw-r--r-- | lib/erb.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/erb.rb b/lib/erb.rb
index bb47943a86..d30911e0f1 100644
--- a/lib/erb.rb
+++ b/lib/erb.rb
@@ -10,6 +10,8 @@
 #
 # You can redistribute it and/or modify it under the same terms as Ruby.

+require "cgi/util"
+
 #
 # = ERB -- Ruby Templating
 #
@@ -909,7 +911,7 @@ class ERB
 # is a > 0 & a < 10?
 #
 def html_escape(s)
- s.to_s.gsub(/&/, "&").gsub(/\"/, """).gsub(/>/, ">").gsub(/</, "<")
+ CGI.escapeHTML(s)
 end
 alias h html_escape
 module_function :h |
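Review bot: The new body `CGI.escapeHTML(s)` drops the `to_s` that the removed line applied, so `h(nil)`, `h(42)` or `h(:sym)`, which previously returned an escaped string, now rely on CGI.escapeHTML accepting non-String input; if it calls a String method on its argument directly, these calls would raise. Because `h` is the output-escaping control used inside templates, it should keep accepting any object, otherwise callers may be tempted to drop the escape to get rid of the error: `CGI.escapeHTML(s.to_s)`. The doc comment of html_escape starts above the hunk; if it lists the characters that are escaped, it should now also name the single quote. A test covering `'` and a non-String argument would pin both behaviours.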