escape_once uses negative lookahead to avoid double-escaping instead of a second gsub

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7606 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2026-01-30 00:38:00 -05:00 · 2007-09-24 05:43:59 +00:00
parent cb5b8a7f05
commit e711d8fade
1 changed files with 1 additions and 6 deletions
--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -94,7 +94,7 @@ module ActionView
      #   escape_once("&lt;&lt; Accept & Checkout")
      #   # => "&lt;&lt; Accept &amp; Checkout"
      def escape_once(html)
-        fix_double_escape(html_escape(html.to_s))
+        html.to_s.gsub(/[\"><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
      end

      private
@@ -116,11 +116,6 @@ module ActionView
          end
        end

-        # Fix double-escaped entities, such as &amp;amp;, &amp;#123;, etc.
-        def fix_double_escape(escaped)
-          escaped.gsub(/&amp;([a-z]+|(#\d+));/i) { "&#{$1};" }
-        end
-
        def block_is_within_action_view?(block)
          eval("defined? _erbout", block.binding)
        end