escape_once uses negative lookahead to avoid double-escaping instead of a second gsub

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7606 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

escape_once uses negative lookahead to avoid double-escaping instead of a second gsub
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7606 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
e711d8fa · Jeremy Kemper · cb5b8a7f · e711d8fa
隐藏空白更改
内联并排

Showing with 1 addition and 6 deletion

actionpack/lib/action_view/helpers/tag_helper.rb actionpack/lib/action_view/helpers/tag_helper.rb +1 -6

未找到文件。
--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -94,7 +94,7 @@ def cdata_section(content)
      #   escape_once("&lt;&lt; Accept & Checkout")
      #   # => "&lt;&lt; Accept &amp; Checkout"
      def escape_once(html)
-        fix_double_escape(html_escape(html.to_s))
+        html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
      end

      private
@@ -116,11 +116,6 @@ def tag_options(options)
          end
        end

-        # Fix double-escaped entities, such as &amp;amp;, &amp;#123;, etc.
-        def fix_double_escape(escaped)
-          escaped.gsub(/&amp;([a-z]+|(#\d+));/i) { "&#{$1};" }
-        end
-
        def block_is_within_action_view?(block)
          eval("defined? _erbout", block.binding)
        end