ERB html_escape should follow OWASP recommendations
ruby 2.0.0dev (2011-10-25 trunk 33524) [x86_64-darwin11.2.0]
OWASP recommends that we escape single quotes and forward slashes before inserting them in to HTML. I would like to change ERB::Util.html_escape to do that.
I've attached a patch. Thanks!