-rw-r--r--ChangeLog4
-rw-r--r--lib/cgi.rb8
2 files changed, 11 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 69f5aded91..d5a8cdd954 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Sun Feb 17 23:06:55 2008 Kazuhiro NISHIYAMA <zn@mbf.nifty.com>
+
+ * lib/cgi.rb (CGI::escapeHTML): use gsub with Hash. [ruby-dev:33828]
+
Sun Feb 17 21:38:21 2008 NARUSE, Yui <naruse@ruby-lang.org>
* encoding.c (ENC_CODERANGE_AND): fix broken case. [ruby-dev:33826]
diff --git a/lib/cgi.rb b/lib/cgi.rb
index 52502b3114..7997a58f4c 100644
--- a/lib/cgi.rb
+++ b/lib/cgi.rb
@@ -355,12 +355,18 @@ class CGI
end
end
+ TABLE_FOR_ESCAPE_HTML__ = {
+ '&' => '&amp;',
+ '"' => '&quot;',
+ '<' => '&lt;',
+ '>' => '&gt;',
+ }
# Escape special characters in HTML, namely &\"<>
# CGI::escapeHTML('Usage: foo "bar" <baz>')
# # => "Usage: foo &quot;bar&quot; &lt;baz&gt;"
def CGI::escapeHTML(string)
- string.gsub(/&/, '&amp;').gsub(/\"/, '&quot;').gsub(/>/, '&gt;').gsub(/</, '&lt;')
+ string.gsub(/[&\"<>]/, TABLE_FOR_ESCAPE_HTML__)
end
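Review bot: The new lookup table and the character class `/[&\"<>]/` in `CGI::escapeHTML` still leave the single quote unescaped, so the result is safe in element content and double-quoted attribute values but not inside a single-quoted attribute value. Adding `"'" => '&#39;',` to `TABLE_FOR_ESCAPE_HTML__` and widening the pattern to `/['&\"<>]/` would cover that case. `class CGI` starts and continues outside this hunk, so whether an unescape counterpart round-trips `&#39;` is not visible here and should be checked first. The table is also a mutable constant that every call now depends on, so `}.freeze` on its closing line would keep other code from altering the escaping at runtime. A short comment above it, such as `# Replacement text for each character escapeHTML rewrites.`, would document that the keys must stay in sync with the pattern.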