diff --git a/actionpack/lib/action_view/template_handlers/erb.rb b/actionpack/lib/action_view/template_handlers/erb.rb
index f1b800cb5338839290575b399b34e427f23a4062..022fc362e76288c95858b0d20399b761cc8c9326 100644
--- a/actionpack/lib/action_view/template_handlers/erb.rb
+++ b/actionpack/lib/action_view/template_handlers/erb.rb
@@ -5,7 +5,7 @@ module Util
 HTML_ESCAPE = { '&' => '&', '"' => '"', '>' => '>', '<' => '<' }
 def html_escape(s)
- s.to_s.gsub(/[&\"><]/) { |special| HTML_ESCAPE[special] }
+ s.to_s.gsub(/[&"><]/) { |special| HTML_ESCAPE[special] }
 end
 end
 end
diff --git a/actionpack/test/template/erb_util_test.rb b/actionpack/test/template/erb_util_test.rb
new file mode 100644
index 0000000000000000000000000000000000000000..3aff987b22e33f7a99627043d25c306726345321
--- /dev/null
+++ b/actionpack/test/template/erb_util_test.rb
@@ -0,0 +1,56 @@
+require "#{File.dirname(__FILE__)}/../abstract_unit"
+
+class ErbUtilTest < Test::Unit::TestCase
+ include ERB::Util
+
+ def test_amp
+ assert_equal '&', html_escape('&')
+ end
+
+ def test_quot
+ assert_equal '"', html_escape('"')
+ end
+
+ def test_lt
+ assert_equal '<', html_escape('<')
+ end
+
+ def test_gt
+ assert_equal '>', html_escape('>')
+ end
+
+ def test_rest_in_ascii
+ (0..127).to_a.map(&:chr).each do |chr|
+ next if %w(& " < >).include?(chr)
+ assert_equal chr, html_escape(chr)
+ end
+ end
+end
+require "#{File.dirname(__FILE__)}/../abstract_unit"
+
+class ErbUtilTest < Test::Unit::TestCase
+ include ERB::Util
+
+ def test_amp
+ assert_equal '&', html_escape('&')
+ end
+
+ def test_quot
+ assert_equal '"', html_escape('"')
+ end
+
+ def test_lt
+ assert_equal '<', html_escape('<')
+ end
+
+ def test_gt
+ assert_equal '>', html_escape('>')
+ end
+
+ def test_rest_in_ascii
+ (0..127).to_a.map(&:chr).each do |chr|
+ next if %w(& " < >).include?(chr)
+ assert_equal chr, html_escape(chr)
+ end
+ end
+end
\ No newline at end of file
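Review bot: `html_escape` still passes the single quote through unchanged: neither the character class `/[&"><]/` nor the `HTML_ESCAPE` table in the context line above it covers `'`, so a value interpolated into a single-quoted attribute is not neutralised by this helper. If templates may use single-quoted attributes, add an entry such as `"'" => '&#39;'` to `HTML_ESCAPE` and `'` to the character class; otherwise put a comment above `html_escape` stating that its output is only safe in element content and double-quoted attributes. The regex edit itself is behaviour-neutral, since `\"` and `"` match the same character inside a class. The enclosing `module Util` opens outside the hunk.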
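Review bot: The new file contains its body twice: the `require` line and the complete `ErbUtilTest` class reappear after the first closing `end`, which accounts for the 56 added lines. The second copy only reopens the class and redefines the same five tests, so it adds no coverage; drop it and end the file with a newline. Every test escapes a single character, so add one case with several specials in one string, for example a `test_mixed_string`, and state the expected result for `'` explicitly rather than leaving it to `test_rest_in_ascii`. As rendered here the expected and input strings are identical (`assert_equal '&', html_escape('&')`), presumably because the page decoded the entities, so the expected values cannot be checked from this view.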