rails/activesupport/lib
Mike Dalessio aea8849821 ERB::Util.html_escape_once always returns an html_safe string
This method previously maintained the `html_safe?` property of a string on the return
value. Because this string has been escaped, however, not marking it as `html_safe` causes
entities to be double-escaped.

As an example, take this view snippet:

  ```html
  <p><%= html_escape_once("this & that &amp; the other") %></p>
  ```

Before this change, that would be double-escaped and render as:

  ```html
  <p>this &amp;amp; that &amp;amp; the other</p>
  ```

After this change, it renders correctly as:

  ```html
  <p>this &amp; that &amp; the other</p>
  ```

[Fix #48256]
2023-05-22 12:02:03 +02:00
..
active_support ERB::Util.html_escape_once always returns an html_safe string 2023-05-22 12:02:03 +02:00
active_support.rb Unify Message{Encryptor,Verifier} serializer config 2023-05-08 12:09:45 -05:00
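
The double-escaping described in the commit message, as an added stdlib-only Ruby model (not code from the Rails repository): `SafeString`, `render_output`, `view` and the `old_`/`new_` method names are hypothetical stand-ins for `ActiveSupport::SafeBuffer`, the view's auto-escaping of `<%= %>` output, and the method before and after the change.

```ruby
# Stdlib-only model of the behaviour in the commit message. SafeString,
# render_output, view and the old_/new_ names are hypothetical stand-ins.
ESCAPES = { "&" => "&amp;", ">" => "&gt;", "<" => "&lt;",
            '"' => "&quot;", "'" => "&#39;" }.freeze
ESCAPE_ALL  = /[&"'<>]/
# Special characters, except an "&" that already begins an entity.
ESCAPE_ONCE = /["><']|&(?!([a-zA-Z]+|#\d+|#[xX][\dA-Fa-f]+);)/

# Marker type: a string the view layer will emit without escaping again.
class SafeString < String
end

def escape_once(str)
  str.to_s.gsub(ESCAPE_ONCE, ESCAPES)
end

# Before: the result is only marked safe if the input already was.
def old_html_escape_once(str)
  escaped = escape_once(str)
  str.is_a?(SafeString) ? SafeString.new(escaped) : escaped
end

# After: the result has been escaped, so it is always marked safe.
def new_html_escape_once(str)
  SafeString.new(escape_once(str))
end

# Models <%= %>: anything not marked safe is escaped on output.
def render_output(value)
  value.is_a?(SafeString) ? value.to_s : value.to_s.gsub(ESCAPE_ALL, ESCAPES)
end

def view(value)
  "<p>#{render_output(value)}</p>"
end

INPUT = "this & that &amp; the other" # constructed, same string as the commit message
puts view(old_html_escape_once(INPUT))  # escaped twice
puts view(new_html_escape_once(INPUT))  # escaped once
# Markup in the input is still neutralised after the change.
puts view(new_html_escape_once("<script>alert(1)</script>"))
```
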