mirror of https://github.com/rails/rails
The hex escape sequence can be of any length
This commit is contained in:
parent
41de23ec03
commit
268a29d49a
|
@ -7,7 +7,7 @@ class ERB
|
|||
HTML_ESCAPE = { '&' => '&', '>' => '>', '<' => '<', '"' => '"', "'" => ''' }
|
||||
JSON_ESCAPE = { '&' => '\u0026', '>' => '\u003e', '<' => '\u003c', "\u2028" => '\u2028', "\u2029" => '\u2029' }
|
||||
HTML_ESCAPE_REGEXP = /[&"'><]/
|
||||
HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+)|(#[xX][\dA-Fa-f]{1,4}));)/
|
||||
HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+)|(#[xX][\dA-Fa-f]+));)/
|
||||
JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u
|
||||
|
||||
# A utility method for escaping HTML tag characters.
|
||||
|
|
Loading…
Reference in New Issue