author | xibbar <xibbar@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-08-14 03:03:42 +0000 |
---|---|---|
committer | xibbar <xibbar@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-08-14 03:03:42 +0000 |
commit | 745ada86498cd80cf93610dd8d6d6b95f61ac327 (patch) | |
tree | e235d9044be1370d55eff4f4e4318963d5fbe9fd | |
parent | 7fc28975bc3bd03c2c776a9df5b1f9e89bff0f08 (diff) |
Tue Aug 14 11:55:37 2012 Takeyuki FUJIOKA <xibbar@ruby-lang.org>
* lib/cgi/util.rb (CGI::escapeHTML): ' is not recommended. [Bug #6850]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | lib/cgi/util.rb | 2 | ||||
-rw-r--r-- | test/cgi/test_cgi_util.rb | 2 | ||||
-rw-r--r-- | test/erb/test_erb.rb | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb
index 9cfff99b78..a2bd066fe2 100644
--- a/lib/cgi/util.rb
+++ b/lib/cgi/util.rb
@@ -22,7 +22,7 @@ class CGI
 # The set of special characters and their escaped values
 TABLE_FOR_ESCAPE_HTML__ = {
- "'" => ''',
+ "'" => ''',
 '&' => '&',
 '"' => '"',
 '<' => '<',
diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb
index a36af776c5..5bf5b79988 100644
--- a/test/cgi/test_cgi_util.rb
+++ b/test/cgi/test_cgi_util.rb
@@ -54,7 +54,7 @@ class CGIUtilTest < Test::Unit::TestCase
 end
 def test_cgi_escapeHTML
- assert_equal(CGI::escapeHTML("'&\"><"),"'&"><")
+ assert_equal(CGI::escapeHTML("'&\"><"),"'&"><")
 end
 def test_cgi_unescapeHTML
diff --git a/test/erb/test_erb.rb b/test/erb/test_erb.rb
index 66576d98ea..e609d47876 100644
--- a/test/erb/test_erb.rb
+++ b/test/erb/test_erb.rb
@@ -40,7 +40,7 @@ class TestERB < Test::Unit::TestCase
 def test_html_escape
 # TODO: ' should be changed to '
- assert_equal(" !"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~",
+ assert_equal(" !"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~",
 ERB::Util.html_escape(" !\"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"))
 assert_equal("", ERB::Util.html_escape("")) |
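Review bot: In lib/cgi/util.rb the apostrophe entry of `TABLE_FOR_ESCAPE_HTML__` is changed without a comment explaining why this one character is encoded differently from the named entities around it. The page has decoded the entity text, so the old and new values look identical here; going by the commit title and [Bug #6850], the named apostrophe entity is presumably being replaced by a numeric character reference. That choice matters for escaped output placed inside single-quoted attribute values, so I would add above the entry something like `# numeric reference for the apostrophe: the named entity is not part of HTML 4 and older browsers may not decode it`. The hash literal continues past the end of the hunk and the decoder in this file is not shown, so confirm that unescaping still accepts both forms.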
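Review bot: In test/erb/test_erb.rb the `# TODO:` comment directly above the changed `assert_equal` survives as a context line, although the expectation it asks for appears to be exactly what this commit updates. A TODO that has already been carried out suggests to the next reader that apostrophe escaping is still pending. Delete the line, or replace it with a statement of the current behaviour such as `# the apostrophe is escaped as a numeric character reference`. The body of test_html_escape continues after the hunk.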