activesupport 3.1.7 → 3.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of activesupport might be problematic. Click here for more details.
- data/CHANGELOG.md +4 -0
- data/lib/active_support/core_ext/string/output_safety.rb +16 -37
- data/lib/active_support/version.rb +1 -1
- metadata +6 -3
data/CHANGELOG.md
CHANGED
|
@@ -3,45 +3,24 @@ require 'active_support/core_ext/kernel/singleton_class'
|
|
|
3
3
|
|
|
4
4
|
class ERB
|
|
5
5
|
module Util
|
|
6
|
-
HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"' }
|
|
6
|
+
HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"', "'" => ''' }
|
|
7
7
|
JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003E', '<' => '\u003C' }
|
|
8
8
|
|
|
9
|
-
#
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
s
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
else
|
|
25
|
-
s.encode(s.encoding, :xml => :attr)[1...-1].html_safe
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
else
|
|
29
|
-
# A utility method for escaping HTML tag characters.
|
|
30
|
-
# This method is also aliased as <tt>h</tt>.
|
|
31
|
-
#
|
|
32
|
-
# In your ERB templates, use this method to escape any unsafe content. For example:
|
|
33
|
-
# <%=h @person.name %>
|
|
34
|
-
#
|
|
35
|
-
# ==== Example:
|
|
36
|
-
# puts html_escape("is a > 0 & a < 10?")
|
|
37
|
-
# # => is a > 0 & a < 10?
|
|
38
|
-
def html_escape(s)
|
|
39
|
-
s = s.to_s
|
|
40
|
-
if s.html_safe?
|
|
41
|
-
s
|
|
42
|
-
else
|
|
43
|
-
s.gsub(/[&"><]/n) { |special| HTML_ESCAPE[special] }.html_safe
|
|
44
|
-
end
|
|
9
|
+
# A utility method for escaping HTML tag characters.
|
|
10
|
+
# This method is also aliased as <tt>h</tt>.
|
|
11
|
+
#
|
|
12
|
+
# In your ERB templates, use this method to escape any unsafe content. For example:
|
|
13
|
+
# <%=h @person.name %>
|
|
14
|
+
#
|
|
15
|
+
# ==== Example:
|
|
16
|
+
# puts html_escape("is a > 0 & a < 10?")
|
|
17
|
+
# # => is a > 0 & a < 10?
|
|
18
|
+
def html_escape(s)
|
|
19
|
+
s = s.to_s
|
|
20
|
+
if s.html_safe?
|
|
21
|
+
s
|
|
22
|
+
else
|
|
23
|
+
s.gsub(/[&"'><]/n) { |special| HTML_ESCAPE[special] }.html_safe
|
|
45
24
|
end
|
|
46
25
|
end
|
|
47
26
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: activesupport
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.1.
|
|
4
|
+
version: 3.1.8
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-
|
|
12
|
+
date: 2012-08-09 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: multi_json
|
|
@@ -275,9 +275,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
275
275
|
- - ! '>='
|
|
276
276
|
- !ruby/object:Gem::Version
|
|
277
277
|
version: '0'
|
|
278
|
+
segments:
|
|
279
|
+
- 0
|
|
280
|
+
hash: 1313720041613742728
|
|
278
281
|
requirements: []
|
|
279
282
|
rubyforge_project:
|
|
280
|
-
rubygems_version: 1.8.
|
|
283
|
+
rubygems_version: 1.8.24
|
|
281
284
|
signing_key:
|
|
282
285
|
specification_version: 3
|
|
283
286
|
summary: A toolkit of support libraries and Ruby core extensions extracted from the
|