Bug #5485 » owasp.patch
lib/erb.rb
# is a > 0 & a < 10?
#
def html_escape(s)
s.to_s.gsub(/&/, "&").gsub(/\"/, """).gsub(/>/, ">").gsub(/</, "<")
s.to_s.gsub(/&/, "&").gsub(/\"/, """).gsub(/>/, ">").gsub(/</, "<").gsub(/'/, "'").gsub(/\//, "/")
end
alias h html_escape
module_function :h
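Review bot: The new html_escape body walks the string six times, once per gsub in the chain, and on this rendered page every replacement string shows as the bare character it is meant to replace, so the entities actually written by the patch cannot be checked here; presumably the page unescaped them. A single pass, `s.to_s.gsub(/[&"'<>\/]/) { |c| HTML_ESCAPE_TABLE[c] }` with a frozen hash holding the same six replacements, makes the must-escape-ampersand-first ordering a non-issue and is cheaper on long template values. If the apostrophe is mapped to `&apos;`, prefer `&#39;`: `&apos;` is not defined in HTML 4 and some older parsers render it literally, which defeats the escaping in single-quoted attributes. The doc comment above the method (the `is a > 0 & a < 10?` example) should also state that `'` and `/` are now escaped, since callers relying on the old output set will see changed strings. The enclosing module header is outside this section.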
test/erb/test_erb.rb
class TestERB < Test::Unit::TestCase
class MyError < RuntimeError ; end
def test_html_escape
{
'&' => '&',
'"' => '"',
'>' => '>',
'<' => '<',
"'" => ''',
'/' => '/'
}.each do |original, escaped|
assert_equal escaped, ERB::Util.h(original)
end
end
def test_without_filename
erb = ERB.new("<% raise ::TestERB::MyError %>")
e = assert_raise(MyError) {