From 4093598bf6eca8fce16fcb8695c4717063a5f6a0 Mon Sep 17 00:00:00 2001
From: shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 13 Aug 2012 04:17:00 +0000
Subject: * lib/erb.rb (ERB::Util.html_escape): use CGI.escape to escape  
 single quotes. [ruby-core:47138] [Bug #6861]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36687 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/erb.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/erb.rb b/lib/erb.rb
index bb47943a86..d30911e0f1 100644
--- a/lib/erb.rb
+++ b/lib/erb.rb
@@ -10,6 +10,8 @@
 #
 # You can redistribute it and/or modify it under the same terms as Ruby.
 
+require "cgi/util"
+
 #
 # = ERB -- Ruby Templating
 #
@@ -909,7 +911,7 @@ class ERB
     #   is a &gt; 0 &amp; a &lt; 10?
     #
     def html_escape(s)
-      s.to_s.gsub(/&/, "&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
+      CGI.escapeHTML(s)
     end
     alias h html_escape
     module_function :h
-- 
cgit v1.2.3