Ticket #10622 (new defect)

Opened 8 months ago

Last modified 7 months ago

[PATCH] [TEST] String#escapeHTML to escape double quotes.

Reported by: pointy
Assigned to: sam
Priority: normal
Milestone: 2.x
Component: Prototype
Version: edge
Severity: normal
Keywords:
Cc:

Description

In order to protect quote characters when (for example) constructing HTML tag attributes from string values, the escapeHTML function should encode single- and double-quote characters as the appropriate HTML entities.

Attachments

escapeHTML.diff (0.9 kB) - added by kangax on 01/28/08 09:59:17.
escapeHTML_test.diff (0.8 kB) - added by kangax on 02/04/08 16:49:44.

Change History

01/28/08 09:59:17 changed by kangax

  • attachment escapeHTML.diff added.

01/28/08 10:00:06 changed by kangax

Well, looks like Ruby's html_escape escapes only double quotes http://www.ruby-doc.org/stdlib/libdoc/erb/rdoc/classes/ERB/Util.html#M000623

Prototype doesn't escape them at all.

01/28/08 10:01:02 changed by kangax

  • summary changed from Prototype String#escapeHTML() does not escape quotes. to [PATCH] String#escapeHTML to escape double quotes..

02/04/08 16:49:44 changed by kangax

  • attachment escapeHTML_test.diff added.

02/04/08 16:50:05 changed by kangax

  • summary changed from [PATCH] String#escapeHTML to escape double quotes. to [PATCH] [TEST] String#escapeHTML to escape double quotes..
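
The attribute case from the ticket description, as an added example that is not Prototype's source or the attached patch: a quote-blind escaper and a quote-aware one are each used to build a double-quoted attribute from the same constructed value. All function names, the sample value and the choice of `&quot;` / `&#39;` as the encodings are assumptions made for illustration.

```javascript
// Added example; function names are hypothetical, not Prototype's API.

// Escapes only &, < and >; quote characters pass through unchanged.
function escapeWithoutQuotes(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Additionally encodes double and single quotes, as the ticket requests.
function escapeWithQuotes(s) {
  return escapeWithoutQuotes(s)
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Builds a tag with a double-quoted attribute from a string value.
function inputTag(value, escape) {
  return '<input type="text" value="' + escape(value) + '">';
}

// Minimal scanner: names of the double-quoted attributes in one tag, in order.
function attributeNames(tag) {
  const names = [];
  const re = /([a-zA-Z-]+)="[^"]*"/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1]);
  return names;
}

// Constructed sample value containing a double quote.
const sample = 'x" data-injected="1';

const weak = inputTag(sample, escapeWithoutQuotes);
const safe = inputTag(sample, escapeWithQuotes);

// Without quote escaping the value ends early and a third attribute appears.
console.log(weak, attributeNames(weak));
// With quote escaping the whole string stays inside the value attribute.
console.log(safe, attributeNames(safe));
```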