diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | lib/cgi/util.rb | 2 | ||||
| -rw-r--r-- | test/cgi/test_cgi_util.rb | 4 | ||||
| -rw-r--r-- | test/erb/test_erb.rb | 3 |
4 files changed, 9 insertions, 5 deletions
@@ -1,3 +1,8 @@ +Wed Aug 22 07:27:00 2012 NARUSE, Yui <naruse@ruby-lang.org> + + * lib/cgi/util.rb (CGI.escapeHTML): use ' + [ruby-core:47221] [Bug #6861] + Tue Aug 21 21:59:22 2012 Ayumu AIZAWA <ayumu.aizawa@gmail.com> * lib/observer.rb: fix typo. https://github.com/ruby/ruby/pull/162 by diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb index f6c25a9550..41ae724c8c 100644 --- a/lib/cgi/util.rb +++ b/lib/cgi/util.rb @@ -22,7 +22,7 @@ class CGI # The set of special characters and their escaped values TABLE_FOR_ESCAPE_HTML__ = { - "'" => ''', + "'" => ''', '&' => '&', '"' => '"', '<' => '<', diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb index 5bf5b79988..2c003a0300 100644 --- a/test/cgi/test_cgi_util.rb +++ b/test/cgi/test_cgi_util.rb @@ -54,11 +54,11 @@ class CGIUtilTest < Test::Unit::TestCase end def test_cgi_escapeHTML - assert_equal(CGI::escapeHTML("'&\"><"),"'&"><") + assert_equal(CGI::escapeHTML("'&\"><"),"'&"><") end def test_cgi_unescapeHTML - assert_equal(CGI::unescapeHTML("'&"><"),"'&\"><") + assert_equal(CGI::unescapeHTML("'&"><"),"'&\"><") end end diff --git a/test/erb/test_erb.rb b/test/erb/test_erb.rb index fc1e1fcbc6..7ddbc878d4 100644 --- a/test/erb/test_erb.rb +++ b/test/erb/test_erb.rb @@ -39,8 +39,7 @@ class TestERB < Test::Unit::TestCase end def test_html_escape - # TODO: ' should be changed to ' - assert_equal(" !"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~", + assert_equal(" !"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~", ERB::Util.html_escape(" !\"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~")) assert_equal("", ERB::Util.html_escape("")) |