From c79f9ea606d072176533b22813653f9fd26940af Mon Sep 17 00:00:00 2001
From: Nate Matykiewicz <natematykiewicz@gmail.com>
Date: Sat, 4 Apr 2020 23:20:22 -0500
Subject: [ruby/rdoc] Escape method names in HTML

The following is invalid HTML:
<a href="Array.html#method-i-3C-3C"><code><<</code></a></p>

Incorrect:
<code><<</code>

Correct:
<code>&lt;&lt;</code>

Fixes #761

https://github.com/ruby/rdoc/commit/b120d087f6
---
 lib/rdoc/markup/to_html_crossref.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/rdoc/markup')

diff --git a/lib/rdoc/markup/to_html_crossref.rb b/lib/rdoc/markup/to_html_crossref.rb
index 9314f04fae..4a3f028135 100644
--- a/lib/rdoc/markup/to_html_crossref.rb
+++ b/lib/rdoc/markup/to_html_crossref.rb
@@ -144,7 +144,7 @@ class RDoc::Markup::ToHtmlCrossref < RDoc::Markup::ToHtml
       path = ref.as_href @from_path
 
       if code and RDoc::CodeObject === ref and !(RDoc::TopLevel === ref)
-        text = "<code>#{text}</code>"
+        text = "<code>#{CGI.escapeHTML text}</code>"
       end
 
       if path =~ /#/ then
-- 
cgit v1.2.3