Also move html_esacpe regex to a constant (see 9d25af60)

06965478 · Godfrey Chan · 2c564cdb · 06965478
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

activesupport/lib/active_support/core_ext/string/output_safety.rb ...pport/lib/active_support/core_ext/string/output_safety.rb +2 -1

未找到文件。
--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -5,6 +5,7 @@ class ERB
  module Util
    HTML_ESCAPE = { '&' => '&amp;',  '>' => '&gt;',   '<' => '&lt;', '"' => '&quot;', "'" => '&#39;' }
    JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003e', '<' => '\u003c', "\u2028" => '\u2028', "\u2029" => '\u2029' }
+    HTML_ESCAPE_REGEXP = /[&"'><]/
    HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+));)/
    JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u

@@ -21,7 +22,7 @@ def html_escape(s)
      if s.html_safe?
        s
      else
-        s.gsub(/[&"'><]/, HTML_ESCAPE).html_safe
+        s.gsub(HTML_ESCAPE_REGEXP, HTML_ESCAPE).html_safe
      end
    end