authorxibbar <xibbar@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2012-08-14 03:03:42 +0000
committerxibbar <xibbar@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2012-08-14 03:03:42 +0000
commit745ada86498cd80cf93610dd8d6d6b95f61ac327 (patch)
treee235d9044be1370d55eff4f4e4318963d5fbe9fd
parent7fc28975bc3bd03c2c776a9df5b1f9e89bff0f08 (diff)
Tue Aug 14 11:55:37 2012 Takeyuki FUJIOKA <xibbar@ruby-lang.org>
* lib/cgi/util.rb (CGI::escapeHTML): &apos; is not recommended. [Bug #6850] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36692 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--lib/cgi/util.rb2
-rw-r--r--test/cgi/test_cgi_util.rb2
-rw-r--r--test/erb/test_erb.rb2
3 files changed, 3 insertions, 3 deletions
diff --git a/lib/cgi/util.rb b/lib/cgi/util.rb
index 9cfff99..a2bd066 100644
--- a/lib/cgi/util.rb
+++ b/lib/cgi/util.rb
@@ -22,7 +22,7 @@ class CGI
# The set of special characters and their escaped values
TABLE_FOR_ESCAPE_HTML__ = {
- "'" => '&apos;',
+ "'" => '&#x27;',
'&' => '&amp;',
'"' => '&quot;',
'<' => '&lt;',
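Review bot: The comment above `TABLE_FOR_ESCAPE_HTML__` does not record why the apostrophe is the only entry written as a numeric reference, which invites a later cleanup back to `&apos;`. `&apos;` is an XML/XHTML entity that HTML 4 does not define, so a comment on the entry such as `# numeric reference: &apos; is not defined in HTML 4` would keep the reason next to the value. The table continues past the end of this hunk, and `CGI::unescapeHTML` is not shown here; it is presumably still expected to decode both `&apos;` and `&#x27;` for text escaped before this change.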
diff --git a/test/cgi/test_cgi_util.rb b/test/cgi/test_cgi_util.rb
index a36af77..5bf5b79 100644
--- a/test/cgi/test_cgi_util.rb
+++ b/test/cgi/test_cgi_util.rb
@@ -54,7 +54,7 @@ class CGIUtilTest < Test::Unit::TestCase
end
def test_cgi_escapeHTML
- assert_equal(CGI::escapeHTML("'&\"><"),"&apos;&amp;&quot;&gt;&lt;")
+ assert_equal(CGI::escapeHTML("'&\"><"),"&#x27;&amp;&quot;&gt;&lt;")
end
def test_cgi_unescapeHTML
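Review bot: The updated assertion in `test_cgi_escapeHTML` pins the new output, but nothing in this hunk checks the decode side for the apostrophe. Text escaped by earlier versions carries `&apos;`, so `test_cgi_unescapeHTML` (its body is outside the hunk and may already cover this) should assert both forms: `assert_equal("'", CGI::unescapeHTML("&apos;"))` and `assert_equal("'", CGI::unescapeHTML("&#x27;"))`.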
diff --git a/test/erb/test_erb.rb b/test/erb/test_erb.rb
index 66576d9..e609d47 100644
--- a/test/erb/test_erb.rb
+++ b/test/erb/test_erb.rb
@@ -40,7 +40,7 @@ class TestERB < Test::Unit::TestCase
def test_html_escape
# TODO: &apos; should be changed to &#x27;
- assert_equal(" !&quot;\#$%&amp;&apos;()*+,-./0123456789:;&lt;=&gt;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~",
+ assert_equal(" !&quot;\#$%&amp;&#x27;()*+,-./0123456789:;&lt;=&gt;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~",
ERB::Util.html_escape(" !\"\#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"))
assert_equal("", ERB::Util.html_escape(""))
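Review bot: The context comment `# TODO: &apos; should be changed to &#x27;` at the top of `test_html_escape` is now stale, since the expected string on the added line already uses `&#x27;`. Delete that line, or replace it with `# the apostrophe is escaped as a numeric reference (&#x27;)`. The rest of `test_html_escape` lies outside the hunk.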